Vulnerability of the JavaScript ChakraCore kernel and Microsoft Edge browsers, caused by operations beyond the buffer in memory, allowing attackers to gain control of the current user’s rights

🗓️ 18 Jan 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Memory boundary overflow in ChakraCore and Edge lets remote attackers gain the current user's privileges.

Reporter	Title	Published	Views	Family All 64
0day.today	Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration Exploit	26 Nov 201700:00	–	zdt
ATTACKERKB	CVE-2017-11841	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11861	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11846	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11840	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11871	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11858	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11837	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11866	15 Nov 201703:29	–	attackerkb
ATTACKERKB	CVE-2017-11870	15 Nov 201703:29	–	attackerkb

Source	Link
securityfocus	www.securityfocus.com/bid/101734
securitytracker	www.securitytracker.com/id/1039780
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840
exploit-db	www.exploit-db.com/exploits/43183/
web	www.web.nvd.nist.gov/view/vuln/detail
exploit-db	www.exploit-db.com/exploits/43183/

23 Mar 2021 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 37.5

CVSS 27.6

EPSS0.59642

ChakraCore Microsoft Edge Memory overflow Buffer overflow Remote attacker Privilege escalation Current user