CVE-2017-11767Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Chakracore

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
17.2%
top 4.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Corporation Chakracore
Timeline
PublishedNov 2
Latest updateMay 13

Description

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft_corporation/chakracoreChakraCore

🔴Vulnerability Details

3
OSV
ChakraCore vulnerable to privilege escalation2022-05-13
GHSA
ChakraCore vulnerable to privilege escalation2022-05-13
CVEList
CVE-2017-11767: ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in2017-11-02

📋Vendor Advisories

2
Microsoft
Scripting Engine Memory Corruption Vulnerability2017-09-12
Apache
Apache hadoop: CVE-2018-11767

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - October 20172017-10-10
Talos
Microsoft Patch Tuesday - October 20172017-10-10

💬Community

1
Bugzilla
CVE-2018-11767 hadoop: Apache Hadoop KMS ACL regression2019-04-04
CVE-2017-11767 — Corporation Chakracore vulnerability | cvebase