CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11767

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile42.19th
PublishedNov 2, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Affected Platforms (CPE)

πŸ“¦
Microsoft

Chakracore

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/100838
πŸ”— http://www.securitytracker.com/id/1039369
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767
πŸ”— http://www.securityfocus.com/bid/100838
πŸ”— http://www.securitytracker.com/id/1039369
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767

Related Vulnerabilities

CVE-2018-85009.8

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scrip...

CVE-2020-10738.1

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scrip...

CVE-2019-05687.5

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Ed...

CVE-2019-06397.5

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scrip...