CVE-2017-8625
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
Internet Explorer en Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante eluda las políticas Device Guard User Mode Code Integrity (UCMI) debido a que Internet Explorer no valida las políticas UMCI. Esto también se conoce como "Internet Explorer Security Feature Bypass Vulnerability".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-05-03 CVE Reserved
- 2017-08-08 CVE Published
- 2024-08-20 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100063 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039112 | Third Party Advisory | |
| https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625 |
| URL | Date | SRC |
|---|---|---|
| https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442 | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625 | 2023-10-25 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 11 Search vendor "Microsoft" for product "Internet Explorer" and version "11" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 11 Search vendor "Microsoft" for product "Internet Explorer" and version "11" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1511 Search vendor "Microsoft" for product "Windows 10" and version "1511" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 11 Search vendor "Microsoft" for product "Internet Explorer" and version "11" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1607 Search vendor "Microsoft" for product "Windows 10" and version "1607" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 11 Search vendor "Microsoft" for product "Internet Explorer" and version "11" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Safe
|