CVE-2017-11809 – Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)
https://notcve.org/view.php?id=CVE-2017-11809
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. ChakraCore y Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box. • https://www.exploit-db.com/exploits/42999 http://www.securityfocus.com/bid/101137 http://www.securitytracker.com/id/1039532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-11812 – Microsoft Chakra asm.js ArrayBuffer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11812
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. ChakraCore y Microsoft Edge en Microsoft Windows 10 1511, 1607, 1703 y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812 y CVE-2017-11821. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. • http://www.securityfocus.com/bid/101139 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11812 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-11821
https://notcve.org/view.php?id=CVE-2017-11821
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. ChakraCore y Microsoft Edge en Microsoft Windows 10 1703 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811 y CVE-2017-11812. • http://www.securityfocus.com/bid/101123 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-11767
https://notcve.org/view.php?id=CVE-2017-11767
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". ChakraCore permite que un atacante obtenga los mismos derechos de usuario que el usuario actual por la manera en la que el motor de scripting de ChakraCore maneja los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/100838 http://www.securitytracker.com/id/1039369 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-8658
https://notcve.org/view.php?id=CVE-2017-8658
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor Chakra JavaScript renderiza cuando gestiona objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/100036 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •