Memory Corruption in Microsoft Edge on Windows Platforms
CVE-2017-8603

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Gold, 1511, 1607, And 1703, And Windows Server 2016
Vendor
CVE Published:
11 July 2017

Summary

A flaw in the JavaScript engine of Microsoft Edge allows attackers to execute arbitrary code in the context of the current user. This occurs when the engine improperly handles objects in memory, potentially leading to severe security breaches. Users of Windows 10 versions 1511, 1607, and 1703, as well as Windows Server 2016, are particularly at risk as a result of this vulnerability. The issue highlights critical vulnerabilities associated with browser engines that require immediate attention to safeguard user data and system integrity.

Affected Version(s)

Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Microsoft Edge

References

http://www.securitytracker.com/id/1038849
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99406
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.