CVE-2017-8658

Опубликовано: 11 авг. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Ссылки

http://www.securityfocus.com/bid/100036
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100036
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*

Версия до 1.7.0 (включая)

EPSS

Процентиль: 97%

0.36011

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-8658

CVSS3: 4.2

msrc

около 8 лет назад

Scripting Engine Memory Corruption Vulnerability

GHSA-8v2h-4jpm-3wfm