cbcvebase.
CVE-2017-8671
published 2017-08-08

CVE-2017-8671: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

PriorityP269high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
69.28%
99.3th percentile
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674.

Affected

11 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationmicrosoft_scripting_engine
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_x64-based_systems
msrcmicrosoft_edge_on_windows_server_2016

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4034674
urlhttps://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4034660
urlhttps://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4034658
  • Detect exploitation of CVE-2017-8671 by monitoring for JavaScript using Proxy on Function.prototype.call followed by a .call() invocation with no additional arguments (e.g., `call.call(f)` where `call` is a Proxy-wrapped Function.prototype.call). This triggers the CallFlags_ExtraArg double-decrement of args.Info.Count to 0 in JavascriptFunction::EntryCall.
  • The vulnerability is triggered in the Chakra scripting engine (Microsoft Edge) when CallFlags_ExtraArg is set and args.Info.Count is decremented to 0 in JavascriptFunction::EntryCall / ArgumentReader::AdjustArguments. Monitor for Edge/Chakra crashes or memory corruption in these code paths.
  • Web-based attack vector: monitor for users being directed to specially crafted websites via Microsoft Edge, or for ActiveX controls marked 'safe for initialization' embedded in Office documents that host the Chakra rendering engine.
  • ·Exploit status at time of advisory: publicly disclosed but not yet observed exploited in the wild; exploitation assessed as 'More Likely' for the latest software release.
  • ·The PoC (Exploit-DB 42475) targets Microsoft Edge's Chakra engine specifically via the Proxy + Function.prototype.call pattern; the vulnerability is scoped to Microsoft Edge on Windows 10 1703.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.