cbcvebase.
CVE-2017-0236
published 2017-05-12

CVE-2017-0236: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka…

PriorityP351high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
31.58%
98.1th percentile
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.

Affected

12 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationmicrosoft_browsers
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_x64-based_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is in the Chakra JavaScript engine in Microsoft Edge; monitor for memory corruption triggered by specially crafted web content or ActiveX controls marked 'safe for initialization' embedded in Office documents or applications hosting the rendering engine.
  • Attack vector includes attacker-hosted websites, compromised websites, and sites hosting user-provided content or advertisements delivering specially crafted JavaScript content targeting Microsoft browser scripting engines.
  • Exploitation assessed as 'More Likely' for the latest software release; prioritize detection and patching on up-to-date Windows 10 / Edge systems (KB4019474, KB4019473, KB4019472, KB4016871).
  • ·No public exploit or active in-the-wild exploitation confirmed at time of advisory; exploitation likelihood rated 'More Likely' for latest release only.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa7.5HIGH
osv7.5HIGH
vendor_msrc4.2MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.