CVE-2017-8669

HIGH

Microsoft Edge and Internet Explorer - Remote Code Execution via Memory Corruption

Title source: llm

Description

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100068

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039095

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039094

Scores

CVSS v3 7.5

EPSS 0.2195

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (3)

microsoft/edge

microsoft/internet_explorer 11

Microsoft Corporation/Internet Explorer Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server

Published Aug 08, 2017

Tracked Since Feb 18, 2026