CVE-2017-8659

Опубликовано: 08 авг. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Средний

Описание

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

Ссылки

http://www.securityfocus.com/bid/100029
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039095
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100029
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039095
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12825

Средний

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-8659

CVSS3: 4.3

msrc

около 8 лет назад

Scripting Engine Information Disclosure Vulnerability

GHSA-h6m7-jphx-f9p5

CVSS3: 4.3

github

больше 3 лет назад

ChakraCore information disclosure vulnerability

EPSS

Процентиль: 94%

0.12825

Средний

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200