CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8637
https://notcve.org/view.php?id=CVE-2017-8637
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability". Microsoft Edge en Microsoft Windows 10 1703 permite que un atacante eluda el Arbitrary Code Guard (ACG) debido a la forma en la que Microsoft Edge accede a la memoria en código compilado por el compilador Edge Just-In-Time (JIT). Esto también se conoce como "Scripting Engine Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/100045 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8637 •
CVSS: 7.6EPSS: 91%CPEs: 5EXPL: 1CVE-2017-8657 – Microsoft Edge - Out-of-Bounds Access when Fetching Source
https://notcve.org/view.php?id=CVE-2017-8657
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Microsoft Edge en Microsoft Windows 10 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Windows renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42481 http://www.securityfocus.com/bid/100035 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8662
https://notcve.org/view.php?id=CVE-2017-8662
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652. Microsoft Edge en Microsoft Windows 10 1703 permite que un atacante revele información debido a la forma en la que se validan los strings en escenarios específicos. Esto también se concoe como "Microsoft Edge Information Disclosure Vulnerability". Este ID CVE es exclusivo de CVE-2017-8644 y CVE-2017-8652. • http://www.securityfocus.com/bid/100031 http://www.securitytracker.com/id/1039101 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8662 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 91%CPEs: 5EXPL: 1CVE-2017-8646 – Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrect Usage of 'PushPopFrameHelper' (Denial of Service)
https://notcve.org/view.php?id=CVE-2017-8646
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Microsoft Edge en Windows 10 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42470 http://www.securityfocus.com/bid/100053 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 88%CPEs: 21EXPL: 4CVE-2017-8636 – Microsoft Edge Chakra - 'EmitNew' Integer Overflow
https://notcve.org/view.php?id=CVE-2017-8636
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Los navegadores Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript de los navegadores Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42478 https://www.exploit-db.com/exploits/42466 https://www.exploit-db.com/exploits/42468 https://www.exploit-db.com/exploits/42467 http://www.securityfocus.com/bid/100056 http://www.securitytracker.com/id/1039094 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •