CVE-2017-8637

5.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Scripting Engine
Vendor: CVE Published:; 8 August 2017

Summary

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

Affected Version(s)

Microsoft Scripting Engine Microsoft Windows 10 1703.

References

http://www.securityfocus.com/bid/100045

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1039095

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database

.