CVE-2017-0208
published 2017-04-12CVE-2017-0208: An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who…
PriorityP424medium4.3CVSS 3.0
AVNACLPRNUIRSUCLINAN
EPSS
15.28%
96.4th percentile
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft_corporation | edge | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ChakraCore information disclosure vulnerability
osv·2022-05-17
CVE-2017-0208 [MEDIUM] ChakraCore information disclosure vulnerability
ChakraCore information disclosure vulnerability
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
GHSA
ChakraCore information disclosure vulnerability
ghsa·2022-05-17
CVE-2017-0208 [MEDIUM] CWE-200 ChakraCore information disclosure vulnerability
ChakraCore information disclosure vulnerability
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
Microsoft
Scripting Engine Information Disclosure Vulnerability
vendor_msrc·2017-04-11·CVSS 4.3
CVE-2017-0208 [MEDIUM] Scripting Engine Information Disclosure Vulnerability
Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/97460http://www.securitytracker.com/id/1038234https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208http://www.securityfocus.com/bid/97460http://www.securitytracker.com/id/1038234https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208
2017-04-12
Published