CVE-2017-8522

Published: Jun 15, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524.

Affected (3)

Products: Microsoft: Internet Explorer, Edge

Microsoft

2 products

Internet Explorer

Edge

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 11

Running on/with	Platform Versions
Microsoft Windows 8.1	All versions
Microsoft Windows Rt 8.1	All versions
Microsoft Windows Server 2012	Version r2

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 10

Running on/with	Platform Versions
Microsoft Windows Server 2012	All versions

Configuration C

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Microsoft Edge	All versions

Running on/with	Platform Versions
Microsoft Windows 10	All versions
Microsoft Windows 10	Version 1511
Microsoft Windows 10	Version 1607
Microsoft Windows 10	Version 1703
Microsoft Windows Server 2016	All versions