Security restrictions bypass in Microsoft Edge - CVE-2017-8637
Published: August 8, 2017 / Updated: August 8, 2017
Vulnerability identifier: #VU7715
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8637
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge
Microsoft Edge
Detailed vulnerability description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists in Microsoft Edge due to how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler. A local attacker can visit a specially crafted website and bypass Arbitrary Code Guard (ACG).
Successful exploitation of the vulnerability may result in further attacks.
The weakness exists in Microsoft Edge due to how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler. A local attacker can visit a specially crafted website and bypass Arbitrary Code Guard (ACG).
Successful exploitation of the vulnerability may result in further attacks.
How to mitigate CVE-2017-8637
Install updates from vendor's website.