Scripting Engine Memory Corruption Vulnerability in Microsoft Windows and Internet Explorer
CVE-2017-11912

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Chakracore, Microsoft Edge, Internet Explorer
Vendor
CVE Published:
12 December 2017

Summary

A vulnerability in the ChakraCore scripting engine and Internet Explorer could allow an attacker to execute arbitrary code with the same user rights as the logged-in user. This occurs due to improper handling of objects in memory, potentially exposing systems to unauthorized access and attacks. Exploiting this vulnerability can lead to significant security risks across various versions of Microsoft Windows and its Internet Explorer browser.

Affected Version(s)

ChakraCore, Microsoft Edge, Internet Explorer Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102092
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039990
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.