ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript null scope object.

This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.

References

github.com/chakra-core/ChakraCore

github.com/chakra-core/ChakraCore/commit/b44ee8300ae03026d3c39cdbbfd32d410ac187f6

github.com/chakra-core/ChakraCore/pull/4226

nvd.nist.gov/vuln/detail/CVE-2017-11870

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11870

web.archive.org/web/20210516131515/www.securityfocus.com/bid/101731

web.archive.org/web/20210517135249/www.securitytracker.com/id/1039780

www.exploit-db.com/exploits/43182

prion 16

cvelist 16

cve 17

nvd 16

github 3

osv 2

veracode 1

openvas 9

kaspersky 2

nessus 9

mskb 9

qualysblog 1

threatpost 1

thn 1

talosblog 1

trendmicroblog 1

mscve 16

symantec 16

seebug 6

checkpoint_advisories 11

exploitdb 6

packetstorm 6

zdt 5

zdi 4

prion

Memory corruption

2017-11-15 03:29:00

Memory corruption

2017-11-15 03:29:00

Memory corruption

2017-11-15 03:29:00

cvelist

CVE-2017-11858

2017-11-15 03:00:00

CVE-2017-11871

2017-11-15 03:00:00

CVE-2017-11838

2017-11-15 03:00:00

cve

CVE-2017-11870

2017-11-15 03:29:01

CVE-2017-11866

2017-11-15 03:29:01

CVE-2017-11871

2017-11-15 03:29:01

nvd

CVE-2017-11841

2017-11-15 03:29:00

CVE-2017-11870

2017-11-15 03:29:01

CVE-2017-11871

2017-11-15 03:29:01

github

Chakra Core vulnerable to privilege escalation due to type confusion

2022-05-17 00:19:55

Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

2022-05-17 00:19:55

Chakra Core vulnerable to privilege escalation due to reading an invalid pointer

2022-05-17 00:19:54

osv

Chakra Core vulnerable to privilege escalation due to reading an invalid pointer

2022-05-17 00:19:54

Chakra Core vulnerable to privilege escalation due to type confusion

2022-05-17 00:19:55

veracode

Remote Code Execution (RCE)

2018-12-03 05:21:16

openvas

Microsoft Windows Multiple Vulnerabilities (KB4048955)

2017-11-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4048952)

2017-11-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4048954)

2017-11-15 00:00:00

kaspersky

KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

2017-11-14 00:00:00

KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)

2017-11-14 00:00:00

nessus

KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update

2017-11-14 00:00:00

Security Updates for Internet Explorer (November 2017)

2017-11-30 00:00:00

KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update

2017-11-14 00:00:00

mskb

November 14, 2017—KB4048955 (OS Build 16299.64)

2017-11-14 08:00:00

Cumulative security update for Internet Explorer: November 14, 2017

2017-11-14 08:00:00

November 14, 2017—KB4048953 (OS Build 14393.1884)

2017-11-14 08:00:00

qualysblog

November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update

2017-11-14 19:37:26

threatpost

Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities

2017-11-14 17:10:48

thn

Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities

2017-11-14 20:46:00

talosblog

Microsoft Patch Tuesday - November 2017

2017-11-14 11:54:00

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017

2017-11-17 16:46:19

mscve

Scripting Engine Memory Corruption Vulnerability

2017-11-14 08:00:00

Scripting Engine Memory Corruption Vulnerability

2017-11-14 08:00:00

Scripting Engine Memory Corruption Vulnerability

2017-11-14 08:00:00

symantec

Microsoft Edge Scripting Engine CVE-2017-11862 Remote Memory Corruption Vulnerability

2017-11-14 00:00:00

Microsoft Edge Scripting Engine CVE-2017-11839 Remote Memory Corruption Vulnerability

2017-11-14 00:00:00

Microsoft Internet Explorer and Edge CVE-2017-11838 Remote Memory Corruption Vulnerability

2017-11-14 00:00:00

seebug

Microsoft Edge: Chakra: JIT: Incorrect function declaration scope(CVE-2017-11870)

2017-12-04 00:00:00

Microsoft Edge: Chakra: JIT: Bailouts must be generated for OP_Memset(CVE-2017-11873)

2017-11-16 00:00:00

Microsoft Edge: Chakra: JIT: Incorrect integer overflow check in Lowerer::LowerBoundCheck(CVE-2017-11861)

2017-11-16 00:00:00

checkpoint_advisories

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11870)

2017-11-28 00:00:00

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11873)

2017-11-14 00:00:00

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11843)

2017-11-14 00:00:00

exploitdb

Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion

2017-11-16 00:00:00

Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion

2017-11-27 00:00:00

Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope

2017-11-27 00:00:00

packetstorm

Microsoft Edge Chakra JIT Incorrect Function Declaration Scope

2017-11-25 00:00:00

Microsoft Edge Chakra JIT Bailout Generation

2017-11-16 00:00:00

Microsoft Edge Charka JIT Incorrect Check

2017-11-16 00:00:00

zdt

Microsoft Edge Chakra JIT Incorrect Function Declaration Scope Exploit

2017-11-26 00:00:00

Microsoft Edge Chakra JIT BailOutOnTaggedValue Bailouts Exploit

2017-11-26 00:00:00

Microsoft Edge Chakra JIT - OP_Memset Type Confusion Exploit

2017-11-17 00:00:00

zdi

Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability

2017-11-20 00:00:00

Microsoft Windows JavaScript Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability

2018-03-23 00:00:00

Microsoft Chakra Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability

2018-04-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.935

Percentile

99.2%

JSON

Related for OSV:GHSA-9F2P-WM46-6M5F