Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-8594Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
7.5HIGHNVD
EPSS
51.1%
top 2.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJul 11
Latest updateMay 14

Description

Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-wgj7-93x5-5q4w: Internet Explorer on Microsoft Windows 82022-05-14
CVEList
CVE-2017-8594: Internet Explorer on Microsoft Windows 82017-07-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption2017-07-18

📋Vendor Advisories

1
Microsoft
Internet Explorer Memory Corruption Vulnerability2017-07-11

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - July 20172017-07-11
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-11-2017
CVE-2017-8594 — Microsoft vulnerability | cvebase