CVE-2017-0238

Опубликовано: 12 мая 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 7.6

EPSS Средний

Описание

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.

Ссылки

http://www.securityfocus.com/bid/98237
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0238
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98237
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0238
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.23478

Средний

7.5 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-0238

CVSS3: 4.2

msrc

около 8 лет назад

Microsoft Edge Memory Corruption Vulnerability

GHSA-qq3m-4q48-2854