CVE-2017-0223

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Chakra Core
Vendor: CVE Published:; 15 May 2017

Summary

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

Affected Version(s)

Chakra Core

References

https://github.com/Microsoft/ChakraCore/pull/2959

x_refsource_CONFIRM

http://www.securitytracker.com/id/1038425

vdb-entryx_refsource_SECTRACK

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2017
Vulnerability Reserved
Sep 9, 2016

Collectors

NVD DatabaseMitre Database