CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.4%
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | chakracore | * | cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-c79v-2rjq-965m
github.com/chakra-core/ChakraCore/commit/b3e3959d14814f42ee2197c504c322bcbe12347d
github.com/chakra-core/ChakraCore/pull/3727
github.com/chakra-core/ChakraCore/pull/3727/commits/b3e3959d14814f42ee2197c504c322bcbe12347d
msrc.microsoft.com/update-guide/en-US/advisory/CVE-2017-11767
nvd.nist.gov/vuln/detail/CVE-2017-11767
web.archive.org/web/20210124103810/www.securityfocus.com/bid/100838
web.archive.org/web/20211127230635/www.securitytracker.com/id/1039369
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.4%