CVE-2017-8625

Опубликовано: 08 авг. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Высокий

Описание

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".

Ссылки

http://www.securityfocus.com/bid/100063
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039112
Third Party Advisory
VDB Entry
https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
Patch
Vendor Advisory
https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/100063
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039112
Third Party Advisory
VDB Entry
https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
Patch
Vendor Advisory
https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.70318

Высокий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

CVE-2017-8625

CVSS3: 5.3

msrc

почти 8 лет назад

Internet Explorer Security Feature Bypass Vulnerability

GHSA-g2g5-8m5m-xmqg