CVE-2017-11890

CVE Database · CVE-2017-11890

CVE-2017-11890

· N/AModified

CVSS v3.1

N/A

EPSS

49.40%

Published

Dec 12, 2017

Modified

May 12, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

Weaknesses (CWE)

CWE-119

Affected Products (16)

microsoft · internet_explorervulnerable

microsoft · windows_10

microsoft · windows_7

microsoft · windows_8.1

microsoft · windows_rt_8.1

microsoft · windows_server_2008

microsoft · windows_server_2012

microsoft · windows_server_2016

microsoft · internet_explorer