CVE-2017-8640
published 2017-08-08CVE-2017-8640: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user…
PriorityP269high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
69.28%
99.3th percentile
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft_corporation | microsoft_scripting_engine | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered via a specially crafted website or ActiveX control embedded in an Office document targeting Microsoft Edge/Chakra JavaScript engine. Monitor for Edge processes spawning unexpected child processes or accessing sensitive memory regions after visiting untrusted sites. ↗
- →The root cause is misuse of the `PNodeFlags::fpnArguments_overriddenByDecl` flag in Chakra's parser when `buildAST` is false, causing uninitialized `arguments` object. Detection should focus on JavaScript patterns combining destructuring assignment with `let arguments` inside arrow functions followed by `arguments` property access. ↗
- →The parser bug occurs in `Parser::ParseVariableDeclaration` when `m_currentNodeFunc` is used regardless of the `buildAST` flag, potentially corrupting the wrong function's `grfpn` flag. Look for Chakra engine crashes or memory corruption telemetry in Microsoft Edge (Windows 10 1703). ↗
- ·CVE-2017-8640 affects Microsoft Edge on Windows 10 1703 only (older software release listed as N/A). Exploitation is rated 'More Likely' for the latest software release at time of disclosure, but was not observed exploited in the wild at time of publication. ↗
- ·The PoC (Exploit-DB 42476) is titled 'Uninitialized Arguments (1)', suggesting there may be additional variants of this class of vulnerability in the Chakra engine. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g8p9-4pfp-r8v4: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8655 [HIGH] CWE-119 GHSA-g8p9-4pfp-r8v4: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-jw33-q8g2-4wfm: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8670 [HIGH] CWE-119 GHSA-jw33-q8g2-4wfm: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-mhjh-m6x5-jvw5: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Micros
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8674 [HIGH] CWE-119 GHSA-mhjh-m6x5-jvw5: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Micros
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.
GHSA
GHSA-9q4w-xv93-m563: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the cu
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8672 [HIGH] CWE-119 GHSA-9q4w-xv93-m563: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the cu
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674.
GHSA
GHSA-6hf6-hm5c-w8wg: Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due t
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8639 [HIGH] CWE-119 GHSA-6hf6-hm5c-w8wg: Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due t
Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-x77g-74w8-hg5v: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browse
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8647 [HIGH] CWE-119 GHSA-x77g-74w8-hg5v: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browse
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-w885-jw3g-7qf8: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8641 [HIGH] CWE-119 GHSA-w885-jw3g-7qf8: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-fpwp-r2g2-q9mp: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the curren
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8640 [HIGH] CWE-119 GHSA-fpwp-r2g2-q9mp: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the curren
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-pq46-h8gg-4pjh: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the cu
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8671 [HIGH] CWE-119 GHSA-pq46-h8gg-4pjh: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the cu
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-xqp7-4r9c-vqq2: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8656 [HIGH] CWE-119 GHSA-xqp7-4r9c-vqq2: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-pfrv-7vc2-g369: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8645 [HIGH] CWE-119 GHSA-pfrv-7vc2-g369: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-5h64-f677-76hx: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8646 [HIGH] CWE-119 GHSA-5h64-f677-76hx: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-6q9p-g6mq-pjc8: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Micros
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8638 [HIGH] CWE-119 GHSA-6q9p-g6mq-pjc8: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Micros
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-x64p-468c-m65v: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the cu
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-8657 [HIGH] CWE-119 GHSA-x64p-468c-m65v: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the cu
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-4f64-6gfv-xcjj: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Micros
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8634 [HIGH] CWE-119 GHSA-4f64-6gfv-xcjj: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Micros
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-xvj3-97mf-29q5: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8636 [HIGH] CWE-119 GHSA-xvj3-97mf-29q5: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
GHSA
GHSA-9424-w7q3-6p43: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-8635 [HIGH] CWE-119 GHSA-9424-w7q3-6p43: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2017-08-08·CVSS 4.2
CVE-2017-8640 [HIGH] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that acc
No detection rules found.
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day
blogs_trendmicro·2017-09-13·CVSS 6.8
[MEDIUM] September Patch Tuesday Fixes MS Office Zero-Day
## September Patch Tuesday Fixes MS Office Zero-Day
Microsoft has released their monthly security bulletin for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.
By: Ronaldo Mangahas Sep 13, 2017 Read time: ( words)
Save to Folio
Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word . CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploited. The vulnerability is exploited via the use of a spam email tha
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day
blogs_trendmicro·2017-09-13·CVSS 6.8
[MEDIUM] September Patch Tuesday Fixes MS Office Zero-Day
## September Patch Tuesday Fixes MS Office Zero-Day
Microsoft has released their monthly security bulletin for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.
By: Ronaldo Mangahas 2017/09/13 Read time: ( words)
Save to Folio
Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word . CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploited. The vulnerability is exploited via the use of a spam email that
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day
blogs_trendmicro·2017-09-13·CVSS 6.8
[MEDIUM] September Patch Tuesday Fixes MS Office Zero-Day
# September Patch Tuesday Fixes MS Office Zero-Day
Microsoft has released their monthly security bulletin for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.
By: Ronaldo Mangahas
2017/09/13
Read time: ( words)
Save to Folio
Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word. CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploited. The vulnerability is exploited via the use of a spam email that p
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day
blogs_trendmicro·2017-09-13·CVSS 6.8
[MEDIUM] September Patch Tuesday Fixes MS Office Zero-Day
## September Patch Tuesday Fixes MS Office Zero-Day
Microsoft has released their monthly security bulletin for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.
By: Ronaldo Mangahas Sep 13, 2017 Read time: ( words)
Save to Folio
Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word . CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploited. The vulnerability is exploited via the use of a spam email tha
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day
blogs_trendmicro·2017-09-13·CVSS 6.8
[MEDIUM] September Patch Tuesday Fixes MS Office Zero-Day
Exploits & Vulnerabilities
## September Patch Tuesday Fixes MS Office Zero-Day
Microsoft has released their monthly security bulletin for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.
By: Ronaldo Mangahas Sep 13, 2017 Read time: ( words)
Save to Folio
Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word . CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploited. The vulnerability is exploited via
Talos
Microsoft Patch Tuesday - August 2017
blogs_talos·2017-08-08·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - August 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 48 new vulnerabilities with 25 of them rated critical, 21 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Remote Desktop Protocol, Sharepoint, SQL Server, the Windows Subsystem for Linux, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.
## Vulnerabilities Rated Critical The following vulnerabilities are rated "critical" by Microsoft:
- CVE-2017-8653 - Microsoft Browser Memory Corruption Vulnerability
- CVE-2017-8669 - Microsoft Browser Memory Corruption Vulnerability
- CVE-2017-866
Talos
Microsoft Patch Tuesday - August 2017
blogs_talos·2017-08-08·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - August 2017
## Microsoft Patch Tuesday - August 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 48 new vulnerabilities with 25 of them rated critical, 21 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Remote Desktop Protocol, Sharepoint, SQL Server, the Windows Subsystem for Linux, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.
## Vulnerabilities Rated Critical The following vulnerabilities are rated "critical" by Microsoft:
CVE-2017-8653 - Microsoft Browser Memory Corruption Vulnerability
CVE-2017-8669 - Microsoft Browser Memory
http://www.securityfocus.com/bid/100051http://www.securitytracker.com/id/1039095https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640https://www.exploit-db.com/exploits/42476/http://www.securityfocus.com/bid/100051http://www.securitytracker.com/id/1039095https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640https://www.exploit-db.com/exploits/42476/
2017-08-08
Published