CVE-2017-11918

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-11918
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11918.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-11918
Published
2017-12-12T21:29:01.790Z
Modified
2026-04-10T03:59:31.291466Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.

References

Affected packages

Git / github.com/microsoft/chakracore

Affected ranges

Type
GIT
Repo
https://github.com/microsoft/chakracore
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f5ab04247ecb41cf16864998a06fcf8ac633be95
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.5"
        }
    ]
}

Affected versions

v1.*
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11918.json"