CVE-2017-8646

🗓️ 08 Aug 2017 21:00:00Reported by microsoftType

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory

Reporter	Title	Published	Views	Family All 39
0day.today	Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage Exploit	17 Aug 201700:00	–	zdt
Circl	CVE-2017-8646	17 Aug 201700:00	–	circl
CNVD	Microsoft Windows Edge JavaScript Engine Remote Code Execution Vulnerability	9 Aug 201700:00	–	cnvd
Check Point Advisories	Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8646)	28 Aug 201700:00	–	checkpoint_advisories
Cvelist	CVE-2017-8646	8 Aug 201721:00	–	cvelist
Microsoft KB	August 8, 2017—KB4034658 (OS Build 14393.1593)	8 Aug 201707:00	–	mskb
Microsoft KB	August 8, 2017—KB4034660 (OS Build 10586.1045)	8 Aug 201707:00	–	mskb
Microsoft KB	August 8, 2017—KB4034674 (OS Build 15063.540)	8 Aug 201707:00	–	mskb
Kaspersky	KLA11084 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer	8 Aug 201700:00	–	kaspersky
Microsoft CVE	Scripting Engine Memory Corruption Vulnerability	8 Aug 201707:00	–	mscve

NVD

Node

microsoft edge

AND

microsoft windows_10Match1511

microsoft windows_10Match1607

microsoft windows_10Match1703

microsoft windows_server_2016

[
  {
    "product": "Microsoft Scripting Engine",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Windows 10 1511, 1607, 1703, and Windows Server 2016."
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/100053
exploit-db	www.exploit-db.com/exploits/42470/
securitytracker	www.securitytracker.com/id/1039095
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646

13 May 2026 00:24Current

7.8High risk

Vulners AI Score7.8

CVSS 37.5

CVSS 27.6

EPSS0.81883

CWE-119