cbcvebase.
CVE-2017-8594
published 2017-07-11

CVE-2017-8594: Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the…

PriorityP265high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
50.37%
98.8th percentile
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

Affected

5 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
msrcinternet_explorer_11_on_windows_8.1_for_32-bit_systems
msrcinternet_explorer_11_on_windows_8.1_for_x64-based_systems
msrcinternet_explorer_11_on_windows_rt_8.1
msrcinternet_explorer_11_on_windows_server_2012_r2

Detection & IOCsextracted from sources · hover to see the quote

versionInternet Explorer 11.0.9600.18617 (Update Version 11.0.40)
  • The exploit PoC uses a setTimeout race with window.location.reload() combined with SVG replaceChild DOM manipulation to trigger the memory corruption. Detect JavaScript in web pages combining setTimeout('window.location.reload()', ...) with SVG <pattern>/<use> replaceChild calls.
  • The vulnerability is rooted in the Microsoft Windows Text Services Framework object handling in MSHTML. The patch (KB4025336 / KB4025252) modifies how the TSF handles objects in memory — absence of these KBs on affected systems indicates unpatched exposure.
  • ·The PoC crash was only reproducible on Windows 7 64-bit with IE 11.0.9600.18617; the researcher could not reproduce it on Windows 10, limiting the confirmed affected surface.
  • ·Microsoft's advisory scopes the vulnerability to Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 — not Windows 7 — creating a discrepancy with the PoC's confirmed environment.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.