PT-2017-12307 · Microsoft+2 · Chakracore+1

Publicado

2017-12-12

Atualizado

2022-05-17

CVE-2017-11916

CVSS v2.0

7.6

Alta

Vetor

AV:N/AC:H/Au:N/C:C/I:C/A:C

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2017-11916

GHSA-5F5R-65PM-R3WR

Produtos afetados

Chakracore

Microsoft.Chakracore

PT-2017-12307 · Microsoft+2 · Chakracore+1

CVE-2017-11916

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8