ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka âScripting Engine Information Disclosure Vulnerabilityâ. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
github.com/chakra-core/ChakraCore
github.com/chakra-core/ChakraCore/commit/9a3ad7ccba1fae1549e21369982d59d45a2ab6cf
github.com/chakra-core/ChakraCore/pull/3917
nvd.nist.gov/vuln/detail/CVE-2017-11797
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11797
web.archive.org/web/20210124110143/www.securityfocus.com/bid/101145