CVE-2017-8594
published 2017-07-11
CVE-2017-8594: Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the…
Priority: P265 · high · 7.5 (CVSS 3.0)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 50.37% (98.8th percentile)
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
Detection & IOCs (extracted from sources)
- The exploit PoC uses a setTimeout race with window.location.reload() combined with SVG replaceChild DOM manipulation to trigger the memory corruption. Detect JavaScript in web pages combining setTimeout('window.location.reload()', ...) with SVG <pattern>/<use> replaceChild calls.
- The vulnerability is rooted in the Microsoft Windows Text Services Framework (TSF) object handling in MSHTML. The patch (KB4025336 / KB4025252) modifies how the TSF handles objects in memory; absence of these KBs on affected systems indicates unpatched exposure.
- The PoC crash was only reproducible on Windows 7 64-bit with IE 11.0.9600.18617; the researcher could not reproduce it on Windows 10, limiting the confirmed affected surface.
- Microsoft's advisory scopes the vulnerability to Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2, not Windows 7, creating a discrepancy with the PoC's confirmed environment.
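CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vendor_msrc | | 7.5 | HIGH | |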
GHSA
GHSA-wgj7-93x5-5q4w: Internet Explorer on Microsoft Windows 8
ghsa_unreviewed·2022-05-14
CVE-2017-8594 [HIGH] CWE-119 GHSA-wgj7-93x5-5q4w: Internet Explorer on Microsoft Windows 8
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2017-07-11·CVSS 7.5
CVE-2017-8594 [HIGH] Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through
No detection rules found.
Talos
Microsoft Patch Tuesday - July 2017
blogs_talos·2017-07-11·CVSS 7.8
CVE-2017-8463 [HIGH] Microsoft Patch Tuesday - July 2017
Today, Microsoft has released their monthly set of security updates designed to address vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.
### Vulnerabilities Rated Critical
#### CVE-2017-8463
This is a remote code execution vulnerability related to the way that Windows Explorer handles executable files and shares during rename operations. If exploited, this vulnerability could run arbitrary code; users not running as administrators would be less affected. This vulnerability can be triggered via a malicious share folder and malware named with an executable extension.
#### CVE-2017-8584 A remote code execution vul
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-11-2017
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 07-11-2017
- http://www.securityfocus.com/bid/99401
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594
- https://www.exploit-db.com/exploits/42336/
Published: 2017-07-11