4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.013 Low
EPSS
Percentile
85.6%
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the userâs system due to the Chakra scripting engine not properly handling objects in memory, aka âScripting Engine Information Disclosure Vulnerabilityâ.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | lt | 1.6.1 |
github.com/advisories/GHSA-h6m7-jphx-f9p5
github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d
github.com/chakra-core/ChakraCore/pull/3509
nvd.nist.gov/vuln/detail/CVE-2017-8659
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
web.archive.org/web/20210612224703/www.securityfocus.com/bid/100029
web.archive.org/web/20211127144809/www.securitytracker.com/id/1039095
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.013 Low
EPSS
Percentile
85.6%