CVE-2017-8605
published 2017-07-11CVE-2017-8605: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the…
PriorityP271high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
8.97%
94.6th percentile
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft_corporation | windows_10_1703 | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is in the Microsoft Edge JavaScript (Scripting) Engine — focus detection on Edge renderer/chakra process memory corruption triggered by specially crafted web content ↗
- →Attack vector is a user-visited malicious or compromised website; monitor for Edge navigating to attacker-controlled or suspicious external URLs, especially via email/IM lure links or malicious ad content ↗
- →Delivery mechanism includes email/IM lures and malicious attachments — correlate Edge process spawning or child processes with prior email/IM activity ↗
- →Successful exploitation results in code execution with current user rights, potentially SYSTEM-level if user is admin — alert on unexpected child processes spawned from MicrosoftEdgeCP.exe or similar Edge content-process executables ↗
- →Affected platforms: Windows 10 Gold, 1511, 1607, 1703 and Windows Server 2016 — prioritise detection/patching on unpatched builds of these versions ↗
- ·Exploit Status is 'Exploitation More Likely' for the latest software release but marked 'Publicly Disclosed: No; Exploited: No' at time of advisory — treat as high-priority patch target rather than confirmed in-the-wild exploitation ↗
- ·Remediation requires applying the relevant KB updates (KB4025339, KB4025342, KB4025338, KB4025344) depending on the Windows 10 build in use — absence of these KBs on affected hosts indicates a vulnerable state ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc3.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rjg5-575r-97gj: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8598 [HIGH] CWE-119 GHSA-rjg5-575r-97gj: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-rqph-98jh-44jj: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8610 [HIGH] CWE-119 GHSA-rqph-98jh-44jj: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-c7p5-rv5p-9269: Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8608 [HIGH] CWE-119 GHSA-c7p5-rv5p-9269: Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8
Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609
GHSA
GHSA-4qvm-w3wh-988p: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8605 [HIGH] CWE-119 GHSA-4qvm-w3wh-988p: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-5x54-p5x9-xmvr: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8607 [HIGH] CWE-119 GHSA-5x54-p5x9-xmvr: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8
Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609
GHSA
GHSA-58w6-vpfq-p84h: Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8609 [HIGH] CWE-119 GHSA-58w6-vpfq-p84h: Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in
Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-9hgx-76j7-v47c: Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Micr
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8619 [HIGH] CWE-119 GHSA-9hgx-76j7-v47c: Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Micr
Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609.
GHSA
GHSA-pw9c-gcwx-rqf5: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8603 [HIGH] CWE-119 GHSA-pw9c-gcwx-rqf5: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the
Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-j542-q88j-r528: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8604 [HIGH] CWE-119 GHSA-j542-q88j-r528: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the
Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-85v9-gv4g-v96p: Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the curre
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8596 [HIGH] CWE-119 GHSA-85v9-gv4g-v96p: Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the curre
Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-gvh2-fw4h-j7jf: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8595 [HIGH] CWE-119 GHSA-gvh2-fw4h-j7jf: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
GHSA
GHSA-7v9x-9c2c-wxvx: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8606 [HIGH] CWE-119 GHSA-7v9x-9c2c-wxvx: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8
Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609
GHSA
GHSA-4gjj-326p-2q44: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8618 [HIGH] CWE-119 GHSA-4gjj-326p-2q44: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.
GHSA
GHSA-cm3p-8h7j-7vr7: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8601 [HIGH] CWE-119 GHSA-cm3p-8h7j-7vr7: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609.
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2017·CVSS 7.5
CVE-2017-8598 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Affected: Microsoft Edge
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2017·CVSS 7.5
CVE-2017-8601 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609.
Affected: Microsoft Edge
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2017·CVSS 7.5
CVE-2017-8605 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Affected: Microsoft Edge
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations
Microsoft
Microsoft Edge Memory Corruption Vulnerability
vendor_msrc·2017-07-11·CVSS 3.1
CVE-2017-8605 [HIGH] Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - July 2017
blogs_talos·2017-07-11·CVSS 7.8
CVE-2017-8463 [HIGH] Microsoft Patch Tuesday - July 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.
### Vulnerabilities Rated Critical
#### CVE-2017-8463
This is a remote code execution vulnerability related to the way that Windows Explorer handles executable files and shares during rename operations. If exploited this vulnerability could run arbitrary code, users not running as administrators would be less affected. This vulnerability can be triggered via a malicious share folder and malware named with an executable extension.
#### CVE-2017-8584 A remote code execution vul
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-11-2017
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 07-11-2017
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/99388http://www.securitytracker.com/id/1038849https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8605http://www.securityfocus.com/bid/99388http://www.securitytracker.com/id/1038849https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8605
2017-07-11
Published
Exploited in the wild