CVE-2017-8496
published 2017-06-15CVE-2017-8496: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge…
PriorityP265high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
51.47%
98.8th percentile
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft_corporation | microsoft_edge | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit triggers via a DOMAttrModified event listener set to undefined combined with setting cssText containing a clip-path SVG URL reference — detect JavaScript in Edge that registers DOMAttrModified with undefined handler and simultaneously sets clip-path CSS via cssText. ↗
- →The faulting instruction performs an out-of-bounds memory read via [r8+rdx*8+3] — indicative of type confusion in CAttrArray; crash signature: edgehtml!CAttrArray::PrivateFindInl+0xd6 with access violation on ds:00000003`0005ffbe. ↗
- →Vulnerability is specific to Microsoft Edge on Windows 10 1607 and Windows Server 2016 — scope detection rules to these OS versions. ↗
- ·The exploit proof-of-concept is publicly available on Exploit-DB (EDB-42246), but Microsoft's advisory states the vulnerability had NOT been exploited in the wild at time of disclosure — treat as exploitation-more-likely rather than confirmed active exploitation. ↗
- ·This CVE is distinct from CVE-2017-8497, which is a separate Microsoft Edge Memory Corruption Vulnerability — ensure detection rules target the correct CVE and do not conflate the two. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mqqp-mr6w-85x4: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microso
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8497 [HIGH] CWE-119 GHSA-mqqp-mr6w-85x4: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microso
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496.
GHSA
GHSA-mqjp-wr5x-p2pq: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microso
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8496 [HIGH] CWE-119 GHSA-mqjp-wr5x-p2pq: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microso
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
Microsoft
Microsoft Edge Memory Corruption Vulnerability
vendor_msrc·2017-06-13·CVSS 4.2
CVE-2017-8496 [HIGH] Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to
No detection rules found.
Talos
Microsoft Patch Tuesday - June 2017
blogs_talos·2017-06-13·CVSS 8.8
CVE-2017-0283 [HIGH] Microsoft Patch Tuesday - June 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, Sharepoint, Skype for Business, Lync, and Windows.
### Vulnerabilities Rated Critical
#### CVE-2017-0283 This is a remote code execution vulnerability in Windows Uniscribe related to improper handling of objects in memory. The attack can result in the attacker gaining full control of the affected system. This can be exploited through multiple vectors including viewing a specially crafted website or a user opening a specially crafted document file.
#### CVE-2017-0291 / CVE-2017-0292 These are remote code execution vulnerabil
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-13-2017
blogs_zscaler·CVSS 8.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 06-13-2017
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/98880https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8496https://www.exploit-db.com/exploits/42246/http://www.securityfocus.com/bid/98880https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8496https://www.exploit-db.com/exploits/42246/
2017-06-15
Published