CVSS: 7.6EPSS: 12%CPEs: 4EXPL: 0CVE-2017-0238 – Microsoft Chakra Array unshift Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0238
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. Se presenta una vulnerabilidad de ejecución de código remota en los navegadores de Microsoft en la manera que los motores de scripting de JavaScript maneja los objetos en la memoria, también se conoce como "Scripting Engine Memory Corruption Vulnerability." El ID de este CVE es diferente de CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235 y CVE-2017-0236. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • http://www.securityfocus.com/bid/98237 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0238 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 17%CPEs: 2EXPL: 0CVE-2017-0228 – Microsoft Chakra Array Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0228
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. Existe una vulnerabilidad de ejecución remota de código en los navegadores de Microsoft en la forma en que los motores de JavaScript se procesan al manipular objetos en la memoria, también conocido como "Vulnerabilidad de corrupción de memoria del motor de secuencias de comandos". Este CVE ID es exclusivo de CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236 y CVE-2017-0238. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • http://www.securityfocus.com/bid/98164 http://www.securitytracker.com/id/1038425 http://www.securitytracker.com/id/1038426 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 21%CPEs: 1EXPL: 0CVE-2017-0240 – Microsoft Edge AudioBuffer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0240
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Edge en la manera en que los motores de scripting de Microsoft afectados renderizan cuando se manejan objetos en la memoria, también se conoce como "Microsoft Edge Memory Corruption Vulnerability." El ID de este CVE es diferente de CVE-2017-0221 y CVE-2017-0227 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AudioBuffer objects. • http://www.securityfocus.com/bid/98203 http://www.securitytracker.com/id/1038424 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 21%CPEs: 1EXPL: 0CVE-2017-0234 – Microsoft Edge ArrayBuffer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0234
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. Existe una vulnerabilidad de ejecución remota de código en Microsoft Edge en la forma en que el motor de JavaScript de Chakra procesa cuando se accede a objetos en memoria, también conocido como "Scripting Engine Memory Corruption Vulnerability". Este CVE ID es exclusivo de CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236 y CVE-2017-0238. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. • http://www.securityfocus.com/bid/98229 http://www.securitytracker.com/id/1038431 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0234 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 13%CPEs: 1EXPL: 0CVE-2017-0208
https://notcve.org/view.php?id=CVE-2017-0208
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability." Existe una vulnerabilidad de divulgación de información en Microsoft Edge cuando el motor de secuencias de comandos Chakra no maneja adecuadamente los objetos en la memoria. Un atacante que explotara con éxito la vulnerabilidad podría obtener información para comprometer aún más el sistema del usuario, vulnerabilidad también conocida como "Scripting Engine Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/97460 http://www.securitytracker.com/id/1038234 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •