CVSS: 7.6EPSS: 92%CPEs: 7EXPL: 1CVE-2017-11809 – Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)
https://notcve.org/view.php?id=CVE-2017-11809
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. ChakraCore y Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box. • https://www.exploit-db.com/exploits/42999 http://www.securityfocus.com/bid/101137 http://www.securitytracker.com/id/1039532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 6EXPL: 0CVE-2017-11812 – Microsoft Chakra asm.js ArrayBuffer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11812
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. ChakraCore y Microsoft Edge en Microsoft Windows 10 1511, 1607, 1703 y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812 y CVE-2017-11821. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • http://www.securityfocus.com/bid/101139 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 7%CPEs: 3EXPL: 0CVE-2017-11821
https://notcve.org/view.php?id=CVE-2017-11821
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. ChakraCore y Microsoft Edge en Microsoft Windows 10 1703 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811 y CVE-2017-11812. • http://www.securityfocus.com/bid/101123 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 4%CPEs: 6EXPL: 0CVE-2017-8726
https://notcve.org/view.php?id=CVE-2017-8726
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a cómo gestionan objetos en la memoria los motores de scripting Microsoft afectados, lo que también se conoce como "Microsoft Edge Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11794 y CVE-2017-11803. • http://www.securityfocus.com/bid/101084 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 4%CPEs: 5EXPL: 0CVE-2017-11800 – Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11800
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607 y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • http://www.securityfocus.com/bid/101127 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •