microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916. It also affects and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 .
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.7.4 | |
microsoft.chakracore.vc140 | le | 1.7.4 |