|
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.
Publish Date : 2017-10-13 Last Update Date : 2017-10-20
-
CVSS Scores & Vulnerability Types
| CVSS Score |
9.3 |
| Confidentiality Impact |
Complete
(There is total information disclosure, resulting in all system files being revealed.) |
| Integrity Impact |
Complete
(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
| Availability Impact |
Complete
(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
| Access Complexity |
Medium
(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) |
| Authentication |
Not required
(Authentication is not required to exploit the vulnerability.) |
| Gained Access |
None |
| Vulnerability Type(s) |
Execute CodeOverflowMemory corruption |
| CWE ID |
119 |
|
|
-
Products Affected By CVE-2017-11812
| # |
Product Type |
Vendor |
Product |
Version |
Update |
Edition |
Language |
|
|
No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. |
-
References For CVE-2017-11812
|
|
