Vulnerability Name: CVE-2017-11827 (CCN-134236) Assigned: 2017-11-14 Published: 2017-11-14 Updated: 2022-05-23 Summary: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2017-11827 101703 Microsoft Internet Explorer and Edge CVE-2017-11827 Remote Memory Corruption Vulnerability 1039780 1039781 ms-browsers-cve201711827-code-exec(134236) Microsoft Browser Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:internet_explorer:11:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:edge:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:11:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1709:*:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:internet_explorer:10:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:ie:10:*:*:*:*:*:*:* OR cpe:/a:microsoft:edge:*:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* BACK
microsoft internet explorer 11
microsoft windows server 2012 r2
microsoft windows server 2008 -
microsoft windows 8.1 -
microsoft windows server 2008 r2 sp1
microsoft windows 7 - sp1
microsoft windows rt 8.1 -
microsoft edge -
microsoft internet explorer 11
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows server 2016 -
microsoft windows 10 1703
microsoft windows 10 -
microsoft windows 10 1709
microsoft windows server 1709
microsoft internet explorer 10
microsoft windows server 2012 *
microsoft ie 10
microsoft edge *
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft windows 10 -
microsoft windows 10 *
microsoft windows server 2016
Denotes that component is vulnerable