Vulnerability Name: CVE-2017-8653 (CCN-129388) Assigned: 2017-08-08 Published: 2017-08-08 Updated: 2017-08-15 Summary: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8669 . CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 3.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
3.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2017-8653 100059 Microsoft Internet Explorer CVE-2017-8653 Remote Memory Corruption Vulnerability 1039094 1039095 ms-browsers-cve20178653-code-exec(129388) Microsoft Browser Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653 Microsoft Internet Explorer SVG Layout Uninitialized Memory Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:edge:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:9:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:10:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:11:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:internet_explorer:9:*:*:*:*:*:*:* OR cpe:/a:microsoft:ie:10:*:*:*:*:*:*:* OR cpe:/a:microsoft:edge:*:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* BACK
microsoft edge *
microsoft internet explorer 9
microsoft internet explorer 10
microsoft internet explorer 11
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 10 1703
microsoft windows 7 * sp1
microsoft windows 8.1 *
microsoft windows rt 8.1 *
microsoft windows server 2008 * sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft windows server 2016 *
microsoft ie 9
microsoft ie 10
microsoft edge *
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft windows 10 -
microsoft windows 10 *
microsoft windows server 2016
Denotes that component is vulnerable