Scripting Engine Memory Corruption Vulnerability in Microsoft Windows and Internet Explorer
CVE-2017-11895

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Chakracore, Microsoft Edge, Internet Explorer
Vendor
CVE Published:
12 December 2017

Summary

This vulnerability affects the scripting engine in various Microsoft Windows versions and Internet Explorer, allowing attackers to exploit memory handling flaws. By manipulating how the scripting engine processes objects, an attacker could potentially execute code with the same permissions as the current user. This could lead to unauthorized actions within the system, making it essential for users to apply any available patches and updates to mitigate risks associated with this vulnerability.

Affected Version(s)

ChakraCore, Microsoft Edge, Internet Explorer Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039990
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039991
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.