CVE-2017-8755

HIGH

Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8755. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a vulnerability in Microsoft Edge's Chakra JavaScript engine by triggering a stack exhaustion exception during the re-parsing of an asm.js module, leading to a denial-of-service (DoS) condition. The exploit leverages recursive function calls to exhaust the stack and force an exception, leaving the function body in an invalid state.

Description

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/42766

This PoC exploits a vulnerability in Microsoft Edge's Chakra JavaScript engine by triggering a stack exhaustion exception during the re-parsing of an asm.js module, leading to a denial-of-service (DoS) condition. The exploit leverages recursive function calls to exhaust the stack and force an exception, leaving the function body in an invalid state.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Edge (Chakra JavaScript engine)
No auth needed
Prerequisites: A vulnerable version of Microsoft Edge with the Chakra JavaScript engine
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039342
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42766/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100778

Scores

CVSS v3 7.5
EPSS 0.7698
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
microsoft/edge
Microsoft Corporation/Microsoft Edge Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.
Published Sep 13, 2017
Tracked Since Feb 18, 2026