CVE-2017-8496
published 2017-06-15

Priority: P2 · 65 · high
CVSS 3.0: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 51.47% (98.8th percentile)
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft_corporation | microsoft_edge | | |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | | |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | | |
| msrc | microsoft_edge_on_windows_server_2016 | | |

Detection & IOCs (extracted from sources)

command: m.style.cssText = "clip-path: url(#foo);"
command: window.addEventListener("DOMAttrModified", undefined)
  • Exploit triggers via a DOMAttrModified event listener set to undefined combined with setting cssText containing a clip-path SVG URL reference — detect JavaScript in Edge that registers DOMAttrModified with undefined handler and simultaneously sets clip-path CSS via cssText.
  • The faulting instruction performs an out-of-bounds memory read via [r8+rdx*8+3] — indicative of type confusion in CAttrArray; crash signature: edgehtml!CAttrArray::PrivateFindInl+0xd6 with access violation on ds:00000003`0005ffbe.
  • Vulnerability is specific to Microsoft Edge on Windows 10 1607 and Windows Server 2016 — scope detection rules to these OS versions.
  • The exploit proof-of-concept is publicly available on Exploit-DB (EDB-42246), but Microsoft's advisory states the vulnerability had NOT been exploited in the wild at time of disclosure — treat as exploitation-more-likely rather than confirmed active exploitation.
  • This CVE is distinct from CVE-2017-8497, which is a separate Microsoft Edge Memory Corruption Vulnerability — ensure detection rules target the correct CVE and do not conflate the two.

CVSS provenance

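| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vendor_msrc | | 4.2 | MEDIUM | |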