Scripting Engine Security Feature Bypass Vulnerability in Microsoft Edge
CVE-2017-8637

5.3MEDIUM

Key Information:

Vendor
Microsoft
Status
Microsoft Scripting Engine
Vendor
CVE Published:
8 August 2017

Summary

The vulnerability allows an attacker to bypass Arbitrary Code Guard (ACG) protections in Microsoft Edge due to a flaw in how the browser accesses memory within its Just-In-Time (JIT) compiled code. This could enable attackers to execute arbitrary code in the context of the user, potentially leading to unauthorized actions or data compromise.

Affected Version(s)

Microsoft Scripting Engine Microsoft Windows 10 1703.

References

http://www.securityfocus.com/bid/100045
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039095
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.