CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
85.8%
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the userâs system due to the Chakra scripting engine not properly handling objects in memory, aka âScripting Engine Information Disclosure Vulnerabilityâ.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | chakracore | * | cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-h6m7-jphx-f9p5
github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d
github.com/chakra-core/ChakraCore/pull/3509
nvd.nist.gov/vuln/detail/CVE-2017-8659
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
web.archive.org/web/20210612224703/www.securityfocus.com/bid/100029
web.archive.org/web/20211127144809/www.securitytracker.com/id/1039095
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
85.8%