CVE-2017-0208 — Sensitive Information Exposure in Corporation Edge

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

14.9%

top 5.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Edge

Timeline

PublishedApr 12

Latest updateMay 17

Description

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft_corporation/edgeEdge

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

ChakraCore information disclosure vulnerability↗2022-05-17

▶

GHSA

ChakraCore information disclosure vulnerability↗2022-05-17

▶

CVEList

CVE-2017-0208: An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory↗2017-04-12

▶

📋Vendor Advisories

Microsoft

Scripting Engine Information Disclosure Vulnerability↗2017-04-11

▶