CVE-2017-8757Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Edge

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents6 sources
Severity
7.5HIGHNVD
EPSS
27.9%
top 3.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+7 more
Timeline
PublishedSep 13
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-2c3h-4fgc-gvj3: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of2022-05-17

📋Vendor Advisories

1
Microsoft
Microsoft Edge Memory Corruption Vulnerability2017-09-12

🕵️Threat Intelligence

8
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
CVE-2017-8757 — HIGH severity | cvebase