Vulnerability Name: CVE-2017-8522 (CCN-126788) Assigned: 2017-06-13 Published: 2017-06-13 Updated: 2019-03-19 Summary: Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524 . CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2017-8522 98926 Microsoft Internet Explorer and Microsoft Edge CVE-2017-8522 Remote Memory Corruption Vulnerability 1038673 ms-browsers-cve20178522-code-exec(126788) Security Update Guide - June 2017 Security Release https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522 CVE-2017-8522 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:internet_explorer:11:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:internet_explorer:10:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:edge:-:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:internet_explorer:10:-:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:11:-:*:*:*:*:*:* OR cpe:/a:microsoft:edge:-:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:* OR cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* BACK
microsoft internet explorer 11 -
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 10 1703
microsoft windows 8.1 -
microsoft windows rt 8.1 -
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft internet explorer 10
microsoft windows server 2012 -
microsoft edge -
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 10 1703
microsoft windows server 2016 -
microsoft internet explorer 10 -
microsoft internet explorer 11 -
microsoft edge -
microsoft windows 7 - sp1
microsoft windows 7 sp1
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1
microsoft windows server 2012 r2
microsoft windows rt 8.1 -
microsoft windows 10 -
microsoft windows 10
microsoft windows server 2016
Denotes that component is vulnerable