CVE-2017-8636

HIGH

Microsoft Internet Explorer - Memory Corruption

Title source: rule

Description

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/42478
exploitdb WRITEUP
by Huang Anwen · htmldoswindows
https://www.exploit-db.com/exploits/42467
exploitdb WRITEUP
by Huang Anwen · htmldoswindows
https://www.exploit-db.com/exploits/42468
exploitdb WORKING POC
by Huang Anwen · htmldoswindows
https://www.exploit-db.com/exploits/42466

References (8)

Scores

CVSS v3 7.5
EPSS 0.8271
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (5)
microsoft/edge
microsoft/internet_explorer 10
microsoft/internet_explorer 11
microsoft/internet_explorer 9
Microsoft Corporation/Microsoft Scripting Engine Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server
Published Aug 08, 2017
Tracked Since Feb 18, 2026