High severity7.5NVD Advisory· Published Jun 15, 2017· Updated May 13, 2026

CVE-2017-8524

Description

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522.

Affected products

Microsoft/Edge
cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
Microsoft/Internet Explorer
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
Microsoft/Microsoft browsersllm-create
Microsoft Corporation/Microsoft browsersv5
Range: Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524nvdPatchVendor Advisory
www.securityfocus.com/bid/98930nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038673nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000