Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2017-0208

Опубликовано: 11 апр. 2017
Источник: msrc
CVSS3: 4.3
EPSS Средний

Описание

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems
4015221
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems
4015221
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems
4015219
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems
4015219
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems
4015217
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems
4015217
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
4015583
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
4015583
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation More Likely

Older Software Release

Exploitation More Likely

EPSS

Процентиль: 94%
0.13842
Средний

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-0208

CVSS3: 4.3
nvd
около 8 лет назад

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."

github логотип

GHSA-pjpr-2qqp-gprf

CVSS3: 4.3
github
около 3 лет назад

ChakraCore information disclosure vulnerability

fstec логотип

BDU:2017-01022

fstec
около 8 лет назад

Уязвимость браузера Microsoft Edge, позволяющая нарушителю получить доступ к конфиденциальной информации

EPSS

Процентиль: 94%
0.13842
Средний

4.3 Medium

CVSS3