CVE-2017-8636

HIGH

Microsoft Internet Explorer and Edge - Remote Code Execution via Scripting Engine Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2017-8636. PoCs published by Google Security Research, Huang Anwen.

AI-analyzed exploit summary This PoC exploits an integer overflow vulnerability in the Chakra JavaScript engine (CVE-2017-8636) by passing an excessively large number of arguments to the Array constructor, bypassing a flawed overflow check. The exploit triggers a denial-of-service condition due to incorrect handling of argument counts.

Description

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/42478

This PoC exploits an integer overflow vulnerability in the Chakra JavaScript engine (CVE-2017-8636) by passing an excessively large number of arguments to the Array constructor, bypassing a flawed overflow check. The exploit triggers a denial-of-service condition due to incorrect handling of argument counts.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Chakra JavaScript Engine (Edge, IE)
No auth needed
Prerequisites: A browser or environment using the Chakra JavaScript engine
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
by Huang Anwen · htmldoswindows
https://www.exploit-db.com/exploits/42467

This is a technical writeup detailing a null pointer dereference and stack overflow vulnerability in ChakraCore's ByteCodeEmitter.cpp. It includes code snippets and a debugger output but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: ChakraCore (Microsoft Edge JavaScript engine)
No auth needed
Prerequisites: Target system running vulnerable version of ChakraCore
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
by Huang Anwen · htmldoswindows
https://www.exploit-db.com/exploits/42468

This is a writeup detailing a heap-based overflow vulnerability in ChakraCore's InterpreterStackFrame. The analysis includes code snippets and debugger output, explaining how the vulnerability can be triggered by manipulating the `varAllocCount` to exceed the `LocalsThreshold`.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: ChakraCore (Microsoft Edge)
No auth needed
Prerequisites: Access to a vulnerable version of ChakraCore · Ability to execute JavaScript in the target environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Huang Anwen · htmldoswindows
https://www.exploit-db.com/exploits/42466

This exploit demonstrates an integer overflow vulnerability in ChakraCore (CVE-2017-8636) where constructing a new object with 0xFFFF arguments causes an out-of-bounds write. The PoC targets Microsoft Edge's JavaScript engine, leading to potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Edge (ChakraCore) on Windows 10
No auth needed
Prerequisites: Target must be running a vulnerable version of Microsoft Edge with ChakraCore
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100056
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42466/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42467/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42468/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039095
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039094
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42478/

Scores

CVSS v3 7.5
EPSS 0.8166
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (5)
microsoft/edge
microsoft/internet_explorer 10
microsoft/internet_explorer 11
microsoft/internet_explorer 9
Microsoft Corporation/Microsoft Scripting Engine Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server
Published Aug 08, 2017
Tracked Since Feb 18, 2026