Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-8496 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Edge
Severity
7.5HIGHNVD
EPSS
49.5%
top 2.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 15
Latest updateMay 14
Description
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-mqqp-mr6w-85x4: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microso↗2022-05-14
GHSA▶
GHSA-mqjp-wr5x-p2pq: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microso↗2022-05-14