CVE-2017-11841
published 2017-11-15


Priority: P2 (67, high)
CVSS 3.0: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Tags: EXPLOIT
EPSS: 59.64% (99.0th percentile)
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.

Affected

13 ranges (no version range or fixed-in value is recorded for any entry)

Vendor      Product                                                          Version range   Fixed in
microsoft   internet_explorer                                                -               -
msrc        chakracore                                                       -               -
msrc        microsoft_edge_on_windows_10_for_32-bit_systems                  -               -
msrc        microsoft_edge_on_windows_10_for_x64-based_systems               -               -
msrc        microsoft_edge_on_windows_10_version_1511_for_32-bit_systems     -               -
msrc        microsoft_edge_on_windows_10_version_1511_for_x64-based_systems  -               -
msrc        microsoft_edge_on_windows_10_version_1607_for_32-bit_systems     -               -
msrc        microsoft_edge_on_windows_10_version_1607_for_x64-based_systems  -               -
msrc        microsoft_edge_on_windows_10_version_1703_for_32-bit_systems     -               -
msrc        microsoft_edge_on_windows_10_version_1703_for_x64-based_systems  -               -
msrc        microsoft_edge_on_windows_10_version_1709_for_32-bit_systems     -               -
msrc        microsoft_edge_on_windows_10_version_1709_for_x64-based_systems  -               -
msrc        microsoft_edge_on_windows_server_2016                            -               -

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered by a JIT compiler bug in ChakraCore's Inline::InlineCallApplyTarget_Shared where InitForInEnumerator is skipped during inlining, causing memory corruption. Detect JavaScript patterns using nested for-in loops over a .call({}) on an inlined function, iterated thousands of times to trigger JIT compilation.
  • The exploit requires a high iteration count (e.g., 10000 loops) to trigger JIT optimization of the vulnerable code path. Heuristic detection should flag scripts with tight loops (>1000 iterations) that call a function via .call({}) inside a for-in construct.
  • The root cause is that InlineCallApplyTarget_Shared returns callInstr->m_next->m_next, causing the InitForInEnumerator instruction to be skipped during JIT inlining in Microsoft Edge / ChakraCore. This is a ChakraCore JIT-specific code path; detection should focus on Edge/ChakraCore JIT activity.
  • Exploitation vector is web-based: attacker hosts or compromises a website serving specially crafted JavaScript to Microsoft Edge users. Monitor for drive-by download scenarios targeting Edge on Windows 10 / Windows Server 2016.
  • The vulnerability affects ChakraCore and Microsoft Edge on Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server version 1709. Older software releases are listed as N/A for exploitation likelihood, meaning only the latest software release is rated 'Exploitation More Likely'.
  • The fix was committed in ChakraCore v1.7.4. Systems patched with KB4048955, KB4048954, KB4048956, KB4048952, or KB4048953 are not vulnerable. Detection rules should be scoped to unpatched systems.

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.0      7.5     HIGH       CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           v2.0      7.6     HIGH       AV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa          -         7.5     HIGH       -
osv           -         7.5     HIGH       -
vulncheck     -         7.5     HIGH       -
vendor_msrc   -         4.2     MEDIUM     -