CVE-2017-8659

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Scripting Engine
Vendor: CVE Published:; 8 August 2017

Summary

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

Affected Version(s)

Microsoft Scripting Engine Microsoft Windows 10 1703.

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100029

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1039095

vdb-entryx_refsource_SECTRACK

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database

.