Vulnerability Description
Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Edge | All versions |
| Microsoft | Internet Explorer | 9 |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | All versions |
| Microsoft | Windows Rt 8.1 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Server 2012 | All versions |
| Microsoft | Windows Server 2016 | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99412Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038848Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038849Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8608PatchVendor Advisory
- http://www.securityfocus.com/bid/99412Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038848Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038849Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8608PatchVendor Advisory
FAQ
What is CVE-2017-8608?
CVE-2017-8608 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker...
How severe is CVE-2017-8608?
CVE-2017-8608 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8608?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Edge, Microsoft Internet Explorer, Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows Rt 8.1.