CVE-2017-11810
published 2017-10-13

Priority P268 high, CVSS 3.0: 7.5
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 53.89% (98.9th percentile)
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | chakracore | < 1.7.3 | 1.7.3 |
| microsoft | chakracore | <= 1.7.2 | |
| microsoft | internet_explorer | | |
| microsoft | internet_explorer | | |
| microsoft | internet_explorer | | |
| msrc | internet_explorer_10_on_windows_server_2012 | | |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | | |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | | |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_rt_8.1 | | |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | | |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | | |
| msrc | internet_explorer_11_on_windows_server_2016 | | |
| msrc | internet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2 | | |
| msrc | internet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2 | | |

Detection & IOCs (extracted from sources)

command: var e = new Error(); var o = {toString:function() { e.name = 1; CollectGarbage();
  • The vulnerability is a Use-After-Free in jscript!JsErrorToString triggered via Error object toString override combined with CollectGarbage() to force GC and reallocate freed memory — monitor for jscript.dll crash/exception at jscript!AString::ConvertToBSTR
  • Web-based attack vector: attacker hosts a specially crafted website exploited through Internet Explorer — monitor for IE navigating to unusual or newly-registered domains delivering JavaScript with Error object manipulation and forced GC
  • ActiveX attack vector: attacker could embed an ActiveX control marked 'safe for initialization' in Office documents hosting the IE rendering engine — monitor Office processes spawning iexplore.exe or loading MSHTML.dll/jscript.dll
  • Exploit status at time of advisory was 'Publicly Disclosed: No; Exploited: No' but rated 'Exploitation More Likely' for both latest and older software releases; treat as high-priority patching target
  • The PoC exploit (EDB-43131) targets Internet Explorer 11 specifically via jscript.dll (legacy scripting engine), not Chakra/Edge; detection rules should target iexplore.exe process context with jscript.dll loaded

CVSS provenance

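| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vendor_msrc | | 6.4 | MEDIUM | |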