CVE-2017-11837

Name of the Vulnerable Software and Affected Versions Microsoft Edge versions (affected versions not specified) Internet Explorer versions (affected versions not specified) ChakraCore versions (affected versions not specified)

Description A remote code execution issue exists due to improper handling of objects in memory by the scripting engine. This could allow an attacker to corrupt memory, enabling the execution of arbitrary code in the context of the current user. If the user has administrative rights, the attacker could gain control of the system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Edge, update to a version that includes the fix for this issue. For Internet Explorer, update to a version that includes the fix for this issue. For ChakraCore, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or documents until a patch is available. Avoid using the vulnerable scripting engine functionality in Microsoft browsers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.