cbcvebase.
CVE-2017-8605
published 2017-07-11

CVE-2017-8605: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the…

PriorityP271high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
8.97%
94.6th percentile
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

Affected

13 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationwindows_10_1703
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_x64-based_systems
msrcmicrosoft_edge_on_windows_server_2016

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is in the Microsoft Edge JavaScript (Scripting) Engine — focus detection on Edge renderer/chakra process memory corruption triggered by specially crafted web content
  • Attack vector is a user-visited malicious or compromised website; monitor for Edge navigating to attacker-controlled or suspicious external URLs, especially via email/IM lure links or malicious ad content
  • Delivery mechanism includes email/IM lures and malicious attachments — correlate Edge process spawning or child processes with prior email/IM activity
  • Successful exploitation results in code execution with current user rights, potentially SYSTEM-level if user is admin — alert on unexpected child processes spawned from MicrosoftEdgeCP.exe or similar Edge content-process executables
  • Affected platforms: Windows 10 Gold, 1511, 1607, 1703 and Windows Server 2016 — prioritise detection/patching on unpatched builds of these versions
  • ·Exploit Status is 'Exploitation More Likely' for the latest software release but marked 'Publicly Disclosed: No; Exploited: No' at time of advisory — treat as high-priority patch target rather than confirmed in-the-wild exploitation
  • ·Remediation requires applying the relevant KB updates (KB4025339, KB4025342, KB4025338, KB4025344) depending on the Windows 10 build in use — absence of these KBs on affected hosts indicates a vulnerable state

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc3.1LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.