cbcvebase.
CVE-2017-8598
published 2017-07-11

Priority: P271, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 8.89% (94.6th percentile)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | | |
| microsoft | internet_explorer | | |
| microsoft | internet_explorer | | |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | | |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | | |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | | |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | | |
| msrc | microsoft_edge_on_windows_10_version_1703_for_32-bit_systems | | |
| msrc | microsoft_edge_on_windows_10_version_1703_for_x64-based_systems | | |
| msrc | microsoft_edge_on_windows_server_2016 | | |

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered when Microsoft Edge improperly accesses objects in memory via the Microsoft Scripting Engine — monitor for Edge renderer/JavaScript engine crashes or unexpected code execution originating from the Edge process
  • Attack vector is a specially crafted website delivered via social engineering (email/IM lure or malicious ad/compromised site injection) — hunt for Edge navigations to newly registered or low-reputation domains following email/IM link clicks
  • Post-exploitation capability includes program installation and account creation — alert on child processes spawned by MicrosoftEdgeCP.exe or net user / useradd commands following Edge activity
  • Affected platforms are limited to Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 running Microsoft Edge with the Microsoft Scripting Engine; detections should be scoped accordingly
  • As of advisory publication, no public exploit code or active in-the-wild exploitation was confirmed, though Microsoft rated it 'Exploitation More Likely' for the latest software release — prioritise patching (KB4025339, KB4025342, KB4025344) over detection tuning

CVSS provenance

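| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.5 | HIGH | |
| vendor_msrc | | 3.1 | LOW | |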