CVE-2017-8594

HIGH

Internet Explorer on Windows 8.1/RT 8.1/Server 2012 R2 - Remote Code Execution via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8594. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in Internet Explorer 11 via an SVG <use> element, leading to an access violation. The crash occurs in MSHTML!CMarkup::DestroySplayTree, indicating a use-after-free or similar memory management issue.

Description

Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/42336

View Code ZIP pw:eip

This PoC exploits a memory corruption vulnerability in Internet Explorer 11 via an SVG <use> element, leading to an access violation. The crash occurs in MSHTML!CMarkup::DestroySplayTree, indicating a use-after-free or similar memory management issue.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer 11.0.9600.18617 (Update Version 11.0.40) on Windows 7 64-bit

No auth needed

Prerequisites: Target must be using Internet Explorer 11 on Windows 7 64-bit · Single process mode (TabProcGrowth=0)

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99401

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42336/

Scores

CVSS v3 7.5

EPSS 0.4843

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (2)

microsoft/internet_explorer 11

Microsoft Corporation/Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 Internet Explorer

Published Jul 11, 2017

Tracked Since Feb 18, 2026