CVE-2017-11870: Buffer Overflow
First published: Wed Nov 15 2017(Updated: )
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/Microsoft.ChakraCore | <1.7.4 | 1.7.4 |
| ChakraCore | ||
| Microsoft Edge Beta | ||
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Microsoft Windows Server | =1709 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11870?
CVE-2017-11870 has a severity rating of Critical due to its potential to allow attackers to gain the same user rights as the current user.
How do I fix CVE-2017-11870?
To fix CVE-2017-11870, ensure that your Microsoft Edge and Windows 10 systems are fully updated with the latest security patches.
Which versions of software are affected by CVE-2017-11870?
CVE-2017-11870 affects Microsoft ChakraCore, Microsoft Edge, and specific versions of Windows 10 and Windows Server from the 1703 and 1709 releases.
What type of vulnerability is CVE-2017-11870?
CVE-2017-11870 is categorized as a Scripting Engine Memory Corruption Vulnerability, exploiting how the scripting engine handles objects in memory.
Can CVE-2017-11870 be exploited remotely?
Yes, CVE-2017-11870 can potentially be exploited remotely, allowing attackers to execute arbitrary code by manipulating the scripting engine.
- collector/github-advisory-latest
- alias/GHSA-9f2p-wm46-6m5f
- alias/CVE-2017-11870
- collector/github-advisory
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/nuget
- vendor/microsoft
- canonical/chakracore
- canonical/microsoft edge beta
- canonical/windows 10
- version/windows 10/1703
- version/windows 10/1709
- canonical/microsoft windows server
- version/microsoft windows server/1709