Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2017-11874
HistoryNov 14, 2017 - 8:00 a.m.

Microsoft Edge Security Feature Bypass Vulnerability

2017-11-1408:00:00
Microsoft
msrc.microsoft.com
10

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system.

To exploit the CFG bypass vulnerability, a user must be logged on and running an affected version of Microsoft Edge. The user would then need to browse to a malicious website.

The security update addresses the CFG bypass vulnerability by helping to ensure that Microsoft Edge properly handles accessing memory in code compiled by the Edge JIT compiler.

Related

symantec 1
zdt 1
prion 3
cve 3
openvas 2
kaspersky 1
nessus 2
mskb 2
trendmicroblog 1
talosblog 1
symantec
symantec
Microsoft Edge CVE-2017-11874 Security Bypass Vulnerability
2017-11-14 00:00:00
zdt
zdt
Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability
2017-12-06 00:00:00
prion
prion
Security feature bypass
2017-11-15 03:29:00
Security feature bypass
2017-11-15 03:29:00
Security feature bypass
2017-11-15 03:29:00
cve
cve
CVE-2017-11863
2017-11-15 03:29:00
CVE-2017-11872
2017-11-15 03:29:00
CVE-2017-11874
2017-11-15 03:29:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4048955)
2017-11-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4048954)
2017-11-15 00:00:00
kaspersky
kaspersky
KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2017-11-14 00:00:00
nessus
nessus
KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update
2017-11-14 00:00:00
KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update
2017-11-14 00:00:00
mskb
mskb
November 14, 2017—KB4048954 (OS Build 15063.726 and 15063.728)
2017-11-14 08:00:00
November 14, 2017—KB4048955 (OS Build 16299.64)
2017-11-14 08:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
2017-11-17 16:46:19
talosblog
talosblog
Microsoft Patch Tuesday - November 2017
2017-11-14 11:54:00

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON
Related for MS:CVE-2017-11874
symantec1zdt1prion3cve3openvas2kaspersky1nessus2mskb2trendmicroblog1talosblog1