CVE-2017-11791

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709...

CVE-2017-11862

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

CVE-2017-11866

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption...

CVE-2017-11840

CVE-2017-11840 αφορά ChakraCore/Microsoft Edge en Windows 10 (Gold/1511/1607/1703/1709) y Windows Server 2016/Server 1709. El fallo proviene de cómo el motor de scripting maneja objetos en la memoria, generando una corrupción de memoria que posibilita que un atacante obtenga los mismos privilegio...

CVE-2017-11846

CVE-2017-11846 affects ChakraCore and Edge/IE scripting engine in Windows 7 SP1, Windows Server 2008/2008 R2, 8.1, 10 (various builds), and Windows Server 2012/2012 R2, with memory handling in the scripting engine leading to memory corruption. The vulnerability could allow an attacker to execute ...

CVE-2017-11838

CVE-2017-11838 affects ChakraCore and Microsoft Edge in Windows environments (various versions listed in the initial entry). The vulnerability arises from how the scripting engine handles objects in memory, leading to memory corruption that could allow an attacker to execute code with the same us...

CVE-2017-11861

Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID i...

CVE-2017-11866

CVE-2017-11866 concerns ChakraCore/Edge on Windows 10 (various editions) where the scripting engine’s memory handling in objects can be abused to execute code with the caller’s privileges. The root cause is memory corruption within the scripting engine, enabling privilege escalation. Connected ad...

CVE-2017-11862

CVE-2017-11862 affects ChakraCore and Microsoft Edge on Windows 10 version 1709 and Windows Server 1709. The vulnerability is a Scripting Engine Memory Corruption in the in-memory handling of objects, allowing an attacker to gain the same user rights as the current user (privilege escalation). Th...

CVE-2017-11871

CVE-2017-11871: ChakraCore and Microsoft Edge memory-corruption vulnerability in Windows 10 (1703/1709) and Windows Server 1709 allows an attacker to gain the current user’s rights via scripting engine object handling in memory. Root cause: memory handling in the scripting engine leads to memory ...

CVE-2017-11870

CVE-2017-11870 affects ChakraCore and Microsoft Edge on Windows 10 (1703/1709) and Windows Server 1709, arising from how the scripting engine handles objects in memory. The vulnerability is described as a memory corruption issue in the scripting engine that can let an attacker execute code with t...

Microsoft Windows Multiple Vulnerabilities (KB4048954)

This host is missing a critical security update according to Microsoft KB4048954 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update

This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion's share is focused on Browsers, Microsoft Office, and Adobe. According to...

Microsoft Patch Tuesday - November 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate...

November 14, 2017—KB4048952 (OS Build 10586.1232)

November 14, 2017—KB4048952 OS Build 10586.1232 This update can be applied to Windows 10 Enterprise and Windows 10 Education editions only. Improvements and fixes This update includes critical security updates that have been MSRC certified only. No new features or quality updates are included. Ke...

November 14, 2017—KB4048955 (OS Build 16299.64)

November 14, 2017—KB4048955 OS Build 16299.64 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue that causes the Mixed Reality Portal to stop responding on launch. Addressed...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...