CVE-2017-8625

HIGH

Microsoft Internet Explorer - Incorrect Default Permissions

Title source: rule

Description

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".

Exploits (1)

nomisec WORKING POC 1 stars

by homjxi0e · poc

https://github.com/homjxi0e/CVE-2017-8625_Bypass_UMCI

View Code ZIP pw:eip

References (5)

Core 5

Core References

Various Sources

https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/

Patch, Vendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625

Exploit, Third Party Advisory

https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442

Third Party Advisory, VDB Entry vdb-entry

http://www.securityfocus.com/bid/100063

Third Party Advisory, VDB Entry vdb-entry

http://www.securitytracker.com/id/1039112

Scores

CVSS v3 8.8

EPSS 0.6982

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (2)

microsoft/internet_explorer 11

Microsoft Corporation/Internet Explorer Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.

Published Aug 08, 2017

Tracked Since Feb 18, 2026