CVE-2017-8750
published 2017-09-13
CVE-2017-8750: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and…
Priority P273 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV · Exploited in the wild
EPSS: 9.20% (94.7th percentile)
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- CVE-2017-8750 exploitation arrives via malicious RTF file delivering a VB backdoor; hunt for RTF files spawning VB-based processes or making outbound connections to appswonder[.]info
- Malicious RTF samples exploiting CVE-2017-8750 are detected under Trend Micro signatures TROJ_CVE201711882.AG and Mal_CVE20170199-2; use these as hunt pivots in AV telemetry
- The exploit payload (TROJ_POWLOAD.GAA) uses a PowerShell script containing two base64-encoded URLs, one for a decoy document and one for the actual payload; detect base64-encoded dual-URL patterns in PowerShell command lines
- The C&C domains appswonder[.]info and referfile[.]com were also reported by Talos in separate campaigns (iOS MDM and VB/Delphi backdoor campaigns), so detections on these domains may fire across multiple threat actor clusters beyond just CVE-2017-8750 exploitation
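CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |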
Microsoft
Microsoft Browser Memory Corruption Vulnerability
vendor_msrc·2017-09-12·CVSS 7.5
CVE-2017-8750 [HIGH] Microsoft Browser Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince
GHSA
GHSA-h4cr-2595-v3p7: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
ghsa_unreviewed·2022-05-17
CVE-2017-8750 [HIGH] CWE-119 GHSA-h4cr-2595-v3p7: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
VulnCheck
Microsoft Internet Explorer Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2017·CVSS 7.5
CVE-2017-8750 [HIGH] Microsoft Internet Explorer Improper Restriction of Operations within the Bounds of a Memory Buffer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.recordedfuture.com/blog/top-vul
No detection rules found.
No public exploits indexed.
Tenable
Cybersecurity Snapshot: 6 Things That Matter Right Now
blogs_tenable·2022-08-19
Tenable
Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021
blogs_tenable·2022-08-04
Tenable
How VPR Helped Prioritize the Most Dangerous CVEs in 2019
blogs_tenable·2020-04-30
Trendmicro
Bahamut, Confucius and Patchwork Connected to Urpage
blogs_trendmicro·2018-08-29
APT & Targeted Attacks
## Bahamut, Confucius and Patchwork Connected to Urpage
We dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”
By: Daniel Lunghi, Ecular Xu 2018/08/29
In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the schemes. In this case we dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day
blogs_trendmicro·2017-09-13·CVSS 6.8
[MEDIUM] September Patch Tuesday Fixes MS Office Zero-Day
## September Patch Tuesday Fixes MS Office Zero-Day
Microsoft has released their monthly security bulletin for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.
By: Ronaldo Mangahas Sep 13, 2017
Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word. CVE-2017-8759 is a .NET Framework Remote Code Execution Vulnerability that allows attackers to execute code on the target system remotely when exploited. The vulnerability is exploited via the use of a spam email tha
Talos
Microsoft Patch Tuesday - September 2017
blogs_talos·2017-09-12·CVSS 8.1
[HIGH] Microsoft Patch Tuesday - September 2017
## Microsoft Patch Tuesday - September 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.
Note that the Bluetooth vulnerabilities known as "BlueBorne" that affected Windows have been patched in this latest release. For more information, please refer to CVE-2017-8628.
Recorded Future
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018 | Recorded Future
blogs_recorded_future
## Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
This analysis focuses on an exploit kit, phishing attack, or remote access trojan co-occurrence with a vulnerability from January 1, 2018 to December 31, 2018. We analyzed thousands of sources, including code repositories, deep web forum postings, and dark web sites. This is a follow-up to our 2017 report, and the intended audience includes information security practitioners, especially those supporting vulnerability risk assessments.
## Executive Summary
Many vulnerability management practitioners face the daunting task of prioritizing vulnerabilities without adequate insight into which vulnerabilities are actively exploited by cybercriminals. Here, we’ll attempt to she
Zscaler
Zscaler found Multiple Security Vulnerabilities | 09-12-2017
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 09-12-2017
- http://www.securityfocus.com/bid/100771
- http://www.securitytracker.com/id/1039342
- http://www.securitytracker.com/id/1039343
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8750