255 matches found
CVE-2017-8603
CVE-2017-8603: A use-after-free in Microsoft Edge’s AsmJsInterpreter during HTML/script processing allows remote code execution in the current user context. Credited source (CPAI-2017-0656) notes Edge memory handling object processing as the root cause. Attack requires a user to open a crafted pa...
CVE-2017-8674
Technical details for CVE-2017-8674 are not publicly available in the provided documents; no affected products, root cause, or fixes are specified here. Monitor for updates from security advisories and vendor advisories.
CVE-2017-11845
Summary (CVE-2017-11845) : Microsoft Edge in Windows 10 version 1703 is affected by a memory corruption vulnerability in how Edge handles objects in memory, enabling remote code execution in the context of the current user when a user visits a crafted webpage. The issue is a remote exploit vector...
CVE-2017-8504
Technical details for CVE-2017-8504 are not publicly available in the provided documents. Monitor official advisories for updates and remediation information.
CVE-2017-8598
Technical details for CVE-2017-8598 are not provided in the connected documents. Monitor for updates from CIRCL/CNVD/Nessus sources for affected products, impacts, and fixes.
CVE-2017-8609
CVE-2017-8609 affects Microsoft Internet Explorer on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The root cause is a memory-corruption vulnerability in the JavaScript engine’s handling of objects in memory, leading to remote code execution. Exploitation can occur when a user visi...
CVE-2017-8660
CVE-2017-8660 affects Microsoft Edge in Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. Root cause: how the Microsoft Edge JavaScript engine renders objects in memory, leading to memory corruption. Impact: attacker can execute arbitrary code in the context of the current user. The...
CVE-2017-8753
CVE-2017-8753 : Microsoft Edge on Windows 10 (Gold/1511/1607/1703) and Windows Server 2016 is affected by a memory corruption issue in the Edge scripting engine when handling objects in memory, allowing an attacker to execute arbitrary code in the user’s context. Connected advisories corroborate ...
CVE-2018-0892
CVE-2018-0892 concerns Microsoft Edge information disclosure due to improper handling of objects in memory. The connected MS KB updates (KB4093107, KB4093112, KB4093119) document quality fixes for Internet Explorer/Microsoft Edge components, including SVG rendering issues and related memory acces...
CVE-2017-8734
CVE-2017-8734 affects Microsoft Edge in Windows 10/Server 2016, where memory handling of Edge objects enables arbitrary code execution in the current user context. The vulnerability stems from how Edge accesses in-memory objects, enabling remote code execution when a user loads a specially crafte...
CVE-2018-0932
CVE-2018-0932 affects Internet Explorer components in Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1/RT 8.1, Windows Server 2012/R2, and Internet Explorer/Edge on Windows 10, including IE in later builds (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The vulnerability is an infor...
CVE-2017-0152
CVE-2017-0152 is described across multiple sources as a remote code execution vulnerability in the Microsoft scripting engine, with memory corruption that could allow an attacker to execute arbitrary code under the current user. Veracode specifically attributes the issue to ChakraCore’s handling ...
CVE-2016-0125
CVE-2016-0125 pertains to Microsoft Edge by mishandling the Referer policy, causing an information disclosure vulnerability that could expose a user’s request context or browsing history. Affected products include Microsoft Edge (and related IE components) with the root cause described as imprope...
CVE-2016-3388
CVE-2016-3388 affects Microsoft Internet Explorer 10/11 and Microsoft Edge through improper restriction of access to private namespaces, enabling privilege escalation. The CIRCL/NVD entries in the connected data indicate an exploitation presence (exploit-db entry 40606), but the provided document...
CVE-2017-0028
The connected data confirms CVE-2017-0028 affects the Microsoft scripting engine (ChakraCore) and is due to a use-after-free in Parse.cpp when asynchronous arrow functions are used, enabling remote code execution with the caller’s user rights. Impact is remote code execution in the context of the...
CVE-2017-8724
CVE-2017-8724 describes a spoofing vulnerability in Microsoft Edge on Windows 10 Version 1703, caused by the browser’s handling/parsing of HTTP content. An attacker could trick a user by redirecting to a specially crafted website. The CNVD entry confirms Edge spoofing in Edge on Windows 10 1703; ...
CVE-2016-3248
CVE-2016-3248 covers a memory corruption vulnerability in Microsoft scripting engines (JScript 9, VBScript, Chakra) used by IE 9–11 and Edge. Exploitation via a crafted web site could allow remote code execution or memory corruption leading to DoS. Affected components: JScript/VBScript/Chakra wit...
CVE-2017-8726
Microsoft Edge on Windows 10 (versions Gold, 1511, 1607, 1703, 1709) and Windows Server 2016 is affected by several CVEs related to how Edge handles objects in memory. CVE-2017-8726 describes a memory-corruption vulnerability in Microsoft Edge’s scripting engines that can allow arbitrary code exe...
CVE-2018-0998
CVE-2018-0998 concerns an information disclosure in Microsoft Edge PDF Reader where objects in memory are improperly handled. The affected product is Microsoft Edge. The connected MSKB updates (KB4093107, KB4093112, KB4093119) describe quality/security fixes across Edge and related components, im...
CVE-2026-26133
CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...
CVE-2016-7181
CVE-2016-7181 is a memory corruption/remote code execution vulnerability in Microsoft Edge described as a vulnerability where a crafted website could trigger memory corruption to execute arbitrary code or cause a denial of service. The affected component is Microsoft Edge browser (Windows environ...
CVE-2017-8595
CVE-2017-8595 is a memory-corruption vulnerability in Microsoft Edge’s scripting engine on Windows 10/Server 2016, where improper handling of in-memory objects can lead to arbitrary code execution with the current user’s privileges. The connected sources indicate Edge’s JavaScript engine memory h...
CVE-2017-8643
CVE-2017-8643 affects Microsoft Edge in Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016, enabling information disclosure by leaving a malicious website open during clipboard activity due to Edge clipboard event handling. The Nessus plugin for KB4038781 documents this as part of the Se...
CVE-2017-8735
CVE-2017-8735 is a Windows Edge spoofing vulnerability affecting Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016, where Edge can be tricked into redirecting users to a specially crafted website due to how HTTP content is parsed. The connected sources corroborate this...
CVE-2016-0130
CVE-2016-0130: Connected CNVD entries describe a memory corruption vulnerability in Microsoft Edge that could be triggered by a crafted web site, enabling remote code execution or memory corruption in the context of the current user. The NVD entry reiterates remote code execution/DoS potential vi...
CVE-2016-7209
CVE-2016-7209 is a Microsoft Edge spoofing vulnerability. Microsoft browsers could be tricked into displaying content from a crafted website by exploiting HTTP response parsing weaknesses. Exploitation requires user interaction (e.g., clicking a link) or visiting a malicious site, per MSRC detail...
CVE-2017-8659
CVE-2017-8659 affects Microsoft Edge and Microsoft Internet Explorer on Windows 10 version 1703, due to the Chakra scripting engine not properly handling objects in memory, enabling information disclosure. The vulnerability is documented as a Chakra information disclosure issue with the Edge/IE m...
CVE-2017-8723
CVE-2017-8723 affects Microsoft Edge in Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016.根 The vulnerability is a security feature bypass in Edge CSP where certain crafted documents bypass CSP validation, enabling a user to be tricked into loading malicious content. Connected data corr...
CVE-2017-8754
Technical details for CVE-2017-8754 are not publicly available in the provided documents. Connected sources do not specify affected products, root cause, impact, or fixes. Monitor for updates from authoritative advisories.
CVE-2017-8757
CVE-2017-8757 is a remote code execution vulnerability in Microsoft Edge on Windows 10/Server 2016 where memory handling of Edge objects allows an attacker to run arbitrary code in the context of the current user. The issue is tied to Edge’s memory handling in regards to objects, and is listed am...
CVE-2016-0116
CVE-2016-0116 concerns a memory corruption vulnerability in Microsoft Edge exploitable via a crafted web site. The connected CNVD entries corroborate a remote memory corruption flaw in Edge that could allow arbitrary code execution in the context of the current user. The CNVD descriptions identif...
CVE-2017-8637
CVE-2017-8637 affects Microsoft Edge on Windows 10 version 1703, describing a security feature bypass of Arbitrary Code Guard (ACG) due to memory access in Edge’s JIT-compiled code. Connected sources detail that the Chakra/JIT server memory handling can process unvalidated loop headers, enabling ...
CVE-2017-8650
CVE-2017-8650 affects Microsoft Edge on Windows 10 version 1703 and is a security feature bypass caused by Edge failing to enforce same-origin policies. Attack vector involves cross-origin requests that can bypass SOP restrictions, potentially exposing information or bypassing security controls. ...
CVE-2017-8669
CVE-2017-8669 affects Microsoft browsers in supported Windows versions (Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10 1511/1607/1703, and Windows Server 2016) with memory handling weaknesses when rendering content. Root cause: objects i...
CVE-2017-8752
CVE-2017-8752 describes a memory corruption flaw in the Microsoft Edge scripting engine on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The issue arises from how the engine handles objects in memory, allowing an attacker to execute arbitrary code in the context of the current u...
CVE-2016-0129
Technical details (affected products, versions, root cause, and exploit specifics) are not provided in the supplied documents. Monitor for updates from CNVD/NVD sources.
CVE-2017-8661
CVE-2017-8661 is a remote-code-execution vulnerability in the Microsoft Edge scripting engine and related Windows scripting components. The issue arises from memory handling of objects in memory, allowing an attacker to run arbitrary code in the context of the current user if a user visits a spec...
CVE-2017-8599
CVE-2017-8599 - Microsoft Edge Security Feature Bypass is tied to Edge CSP validation failures in affected Windows 10 editions (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability describes an attacker tricking a user into loading a page with malicious content due to improper valid...
CVE-2017-8498
CVE-2017-8498 affects Microsoft Edge on Windows 10 1607/1703 and Windows Server 2016. When Edge runs JavaScript that uses XML DOM objects to detect installed browser extensions, an attacker can read data not intended to be disclosed. This CVE is separate from CVE-2017-8504. No exploitation, remed...
CVE-2017-8611
CVE-2017-8611 affects Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability allows remote attackers to spoof web content via a crafted website. The NVD lists CVSS v3.0 base score 6.5 (I:H, A:N; UI:R). No remediation details are provided in the connected ...
CVE-2016-0105
Summary of CVE-2016-0105 details (IE/Edge): A memory corruption vulnerability in Microsoft Internet Explorer 9–11 and Microsoft Edge that can be triggered by a crafted web site, potentially allowing remote code execution or a denial of service. Connected CNVD entries corroborate the surface: affe...
CVE-2016-3246
CVE-2016-3246 is a memory‑corruption vulnerability in Microsoft Edge (and related Microsoft browsers) that enables remote code execution via a crafted web site. The root cause is improper handling of objects in memory, leading to memory corruption and arbitrary code execution in the context of th...
CVE-2016-7204
CVE-2016-7204 affects Microsoft Edge and is described as an information-disclosure vulnerability where Edge improperly handles memory objects. The vulnerability could allow a remote attacker to access a user’s My Documents folder via a crafted web site. Exploitation requirements include persuadin...
CVE-2016-3244
CVE-2016-3244 affects Microsoft Edge and is a security feature bypass where ASLR protections could be bypassed via a crafted web page. The underlying issue is that Edge does not properly implement ASLR, enabling a remote attacker to bypass address space layout randomization. The record confirms E...
CVE-2016-0110
CVE-2016-0110 affects Microsoft Internet Explorer 10–11 and Microsoft Edge. Root cause: memory corruption due to improper memory handling (e.g., mismatched array copy/object access) when processing crafted web content, leading to remote code execution or memory corruption. Impact: remote attacker...
CVE-2016-0123
Microsoft Edge memory corruption vulnerability exists; appears in CNVD reports describing a remote attacker executing arbitrary code via a crafted web site due to improper memory access. Edge is the affected software; impact is remote code execution in the context of the current user. The provide...
CVE-2016-0124
Microsoft Edge contains a memory corruption vulnerability that can be exploited by a crafted web site to execute arbitrary code or cause a denial of service. The CNVD entries describe a remote attacker able to run code in the context of the current user due to improper memory handling in Edge, al...
CVE-2017-8617
CVE-2017-8617 is a remote code execution vulnerability in Microsoft Edge on Windows 10 (1703) where memory objects are mishandled by scripting engines. Underlying cause: improper handling of objects in memory in Edge’s scripting engine, allowing an attacker to execute arbitrary code in the contex...
CVE-2017-8503
CVE-2017-8503 affects Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016, where an attacker can escape the AppContainer sandbox, enabling elevation of privilege. The description in the connected documents reiterates this Edge sandbox escape vulnerability and distingu...
CVE-2017-0196
Summary: CVE-2017-0196 concerns the Microsoft scripting engine (ChakraCore) exposing information through a heap over-read in the IsMissingItem function when processing crafted web content, enabling a remote attacker to read confidential memory. Affected component: Microsoft ChakraCore JavaScript ...