CVE-2017-8641
published 2017-08-08


Priority: P2 (high)
CVSS 3.0: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 71.61% (99.3rd percentile)
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Affected

8 ranges

Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft_corporation | microsoft_scripting_engine | |
msrc | internet_explorer_10 | |
msrc | internet_explorer_11 | |
msrc | internet_explorer_9 | |
msrc | microsoft_edge | |

Detection & IOCs (extracted from sources)

process: chakra!utf8::EncodeIntoImpl+0xb5
command: size_t cbUtf8Buffer = (cchSource + 1) * 3; //OVERFLOW when cchSource large enough!!!
  • The vulnerability is triggered through the Microsoft browser JavaScript engines (chakra.dll / JScript9) via a web-based attack; monitor for specially crafted websites or ActiveX controls marked "safe for initialization" that embed the rendering engine.
  • The integer overflow occurs only when cchSource is large enough that (cchSource + 1) * 3 wraps a size_t, so triggering it requires a very large eval() source string; normal-sized scripts are not affected.
  • Exploit-DB entry 42465 covers the chakra!Js::GlobalObject integer overflow (CVE-2017-8641); the NVD DOC 1 URL references CVE-2017-8634 (a distinct but related Scripting Engine Memory Corruption CVE), so the IOCs from the crash trace are specific to the chakra DefaultEvalHelper/EncodeIntoImpl code path.
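The size computation quoted above is the whole bug: once (cchSource + 1) * 3 exceeds SIZE_MAX the product wraps to a small number, a short buffer is allocated, and the encoder then writes past it. The following is an added example, not Chakra's or Microsoft's code; the function names and the unchecked/checked pairing are assumptions made here to show the defect beside the fix. It reproduces the wrap with the page's own expression and then shows the fail-closed form that refuses the size before any allocation can happen.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form, the expression quoted on the page.
 * On a platform where SIZE_MAX is 2^N - 1 (32- or 64-bit), feeding
 * SIZE_MAX / 3 + 1 makes (cch + 1) * 3 = SIZE_MAX + 6, which wraps to 5. */
size_t utf8_buffer_size_unchecked(size_t cchSource)
{
    return (cchSource + 1) * 3;
}

/* A wrapped result is always smaller than the character count it was
 * computed from, which is the cheap post-hoc sanity check a reviewer
 * would look for after such a multiplication. */
bool utf8_buffer_size_wrapped(size_t cchSource)
{
    return utf8_buffer_size_unchecked(cchSource) <= cchSource;
}

/* Hardened form (assumed name): check both the addition and the
 * multiplication against SIZE_MAX before computing anything, and report
 * failure to the caller instead of handing back a too-small size. */
bool utf8_buffer_size_checked(size_t cchSource, size_t *cbOut)
{
    if (cchSource > SIZE_MAX - 1) {      /* cchSource + 1 would wrap */
        return false;
    }
    size_t cchWithNul = cchSource + 1;
    if (cchWithNul > SIZE_MAX / 3) {     /* cchWithNul * 3 would wrap */
        return false;
    }
    *cbOut = cchWithNul * 3;             /* worst case: 3 bytes per UTF-16 unit */
    return true;
}

int main(void)
{
    size_t cb = 0;
    size_t boundary = SIZE_MAX / 3 + 1;  /* constructed: first value that wraps */

    printf("unchecked(%zu) = %zu (wrapped: %s)\n", boundary,
           utf8_buffer_size_unchecked(boundary),
           utf8_buffer_size_wrapped(boundary) ? "yes" : "no");

    printf("checked(%zu) -> %s\n", boundary,
           utf8_buffer_size_checked(boundary, &cb) ? "ok" : "rejected");

    if (utf8_buffer_size_checked(10, &cb)) {
        printf("checked(10) -> %zu bytes\n", cb);
    }
    return 0;
}
```

Compilers that support `__builtin_mul_overflow` (GCC, Clang) let you collapse the two range checks into one call; the explicit division against SIZE_MAX is used here only because it is portable and makes the bound visible to the reader.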

CVSS provenance

nvd v3.0: 7.5 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
nvd v2.0: 7.6 HIGH (AV:N/AC:H/Au:N/C:C/I:C/A:C)
vendor_msrc: 4.2 MEDIUM