CVE-2017-11914

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-11914

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11914.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-11914

Aliases

GHSA-8r5c-8v97-g7vh

Published

2017-12-12T21:29:01Z

Modified

2024-05-15T00:56:49.703271Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

References

Affected packages

Git / github.com/microsoft/chakracore

Affected ranges

Type: GIT
Repo: https://github.com/microsoft/chakracore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f5ab04247ecb41cf16864998a06fcf8ac633be95

Affected versions

v1.*

v1.2.0.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4