What is CVE-2017-8625?

CVE-2017-8625 is a high-severity vulnerability in Microsoft Internet_explorer, classified under Incorrect Default Permissions. CVSS score: 8.8/10. Published 2017-08-08.

How severe is CVE-2017-8625?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2017-8625 known to be exploited?

90 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Internet_explorer

CVE-2017-8625

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Ex…

EPSS: 0.698 (98.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Internet_explorer — versions 11
Microsoft Windows_10 — versions 1511, 1607
Microsoft Windows_server_2016
Microsoft Corporation Internet Explorer — versions Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

Public proof-of-concept exploits

References

secure@microsoft.com (Patch, Vendor Advisory)
secure@microsoft.com (Exploit, Third Party Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry)
secure@microsoft.com

Frequently asked questions

What is CVE-2017-8625?: CVE-2017-8625 is a high-severity vulnerability in Microsoft Internet_explorer, classified under Incorrect Default Permissions. CVSS score: 8.8/10. Published 2017-08-08.
How severe is CVE-2017-8625?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2017-8625 known to be exploited?: 90 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.