cbcvebase.
CVE-2017-8517
published 2017-06-15

CVE-2017-8517: Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607…

PriorityP348high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
8.21%
94.2th percentile
Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524.

Affected

20 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationmicrosoft_browsers
msrcinternet_explorer_10_on_windows_server_2012
msrcinternet_explorer_11_on_windows_10_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1511_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1511_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1607_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1607_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1703_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1703_for_x64-based_systems
msrcinternet_explorer_11_on_windows_8.1_for_32-bit_systems
msrcinternet_explorer_11_on_windows_8.1_for_x64-based_systems
msrcinternet_explorer_11_on_windows_rt_8.1
msrcinternet_explorer_11_on_windows_server_2012_r2
msrcinternet_explorer_11_on_windows_server_2016
msrcinternet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2
msrcinternet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc6.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.