CVE-2017-8751

HIGH

Microsoft Edge - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8751. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a type confusion vulnerability in Microsoft Edge's Chakra JavaScript engine by manipulating object prototypes, leading to a crash. The exploit triggers a memory corruption issue via `Object.setPrototypeOf` and a page reload.

Description

Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/43151

This PoC exploits a type confusion vulnerability in Microsoft Edge's Chakra JavaScript engine by manipulating object prototypes, leading to a crash. The exploit triggers a memory corruption issue via `Object.setPrototypeOf` and a page reload.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Edge (EdgeHTML 15.15063)
No auth needed
Prerequisites: Target must be using a vulnerable version of Microsoft Edge
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039326
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43151/

Scores

CVSS v3 7.5
EPSS 0.5400
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
microsoft/edge
Microsoft Corporation/Microsoft Edge Microsoft Windows 10 1703
Published Sep 13, 2017
Tracked Since Feb 18, 2026