CVE-2017-11870
published 2017-11-15

CVE-2017-11870: ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user…

Priority: P2 · 66 · high
CVSS 3.0: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploit: EPSS 59.64% (99.0th percentile)
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.

Affected (6 ranges)

Vendor      Product                                                        Version range   Fixed in
microsoft   internet_explorer
msrc        chakracore
msrc        microsoft_edge_on_windows_10_version_1703_for_32-bit_systems
msrc        microsoft_edge_on_windows_10_version_1703_for_x64-based_systems
msrc        microsoft_edge_on_windows_10_version_1709_for_32-bit_systems
msrc        microsoft_edge_on_windows_10_version_1709_for_x64-based_systems

Detection & IOCs (extracted from sources)

  • Trigger condition: a function declaration inside a block scope that shares its name with a formal parameter of the enclosing function, causing incorrect scope resolution once the function is JIT-compiled in ChakraCore. Look for JavaScript in which a named function declaration inside a nested block shadows a formal parameter of the same name.
  • PoC trigger pattern: a function with a formal parameter and a same-named block-scoped function declaration, called roughly 10,000 times in a loop to force JIT compilation. Monitor for high-iteration loops invoking such functions in Edge/ChakraCore script contexts.
  • Vulnerability class: scripting engine memory corruption via incorrect handling of objects in memory in Microsoft Edge (HTML-based). Delivery vector is a specially crafted website, or a compromised site hosting attacker-supplied content, visited by an Edge user (hence UI:R in the CVSS vector).
  • Root cause: the PreVisitFunction/HasAnyWriteToFormals logic in ChakraCore's Parser::BindPidRefsInScope fails to detect block-scoped function declarations that shadow formals, so the JIT applies an argument optimization that is invalid for that scope layout.
  • Exploit status at advisory time: Publicly Disclosed: No; Exploited: No, but rated "Exploitation More Likely" for the latest software release. No in-the-wild exploitation was confirmed at patch time.
  • Fix: ChakraCore v1.7.4 and Windows updates KB4048954/KB4048955. Detections targeting unpatched systems should check for ChakraCore builds earlier than 1.7.4 and, on Windows hosts, for the absence of the corresponding KB.
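The first two bullets describe a source-level shape (a block-nested `function` declaration whose name matches a formal of the enclosing function) rather than a byte signature, so a detection has to reason about scopes. The scanner below is an added example, not the page's PoC and not ChakraCore or Microsoft code: it uses a minimal hand-rolled tokenizer (strings, comments, identifiers, punctuation) and a brace-depth stack to flag that shape in JavaScript text. `TRIGGER_SAMPLE` and `BENIGN_SAMPLE` are constructed inputs modelled on the pattern the bullets describe; they are not the real PoC. The tokenizer is not a full JavaScript parser (no regex literals, template interpolation, arrow functions or default parameters), so treat hits as triage candidates, not proof.

```javascript
// Heuristic scanner for the CVE-2017-11870 trigger shape: a named function
// declaration inside a nested block ({ ... } deeper than the enclosing
// function body) whose name equals one of that function's formal parameters.
// Added example; hand-rolled tokenizer, not a JavaScript parser.

function tokenize(src) {
  const tokens = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (/\s/.test(c)) { i++; continue; }
    if (c === '/' && src[i + 1] === '/') {            // line comment
      while (i < src.length && src[i] !== '\n') i++;
      continue;
    }
    if (c === '/' && src[i + 1] === '*') {            // block comment
      const end = src.indexOf('*/', i + 2);
      i = end < 0 ? src.length : end + 2;
      continue;
    }
    if (c === '"' || c === "'" || c === '`') {        // string literal (no ${} handling)
      let j = i + 1;
      while (j < src.length && src[j] !== c) { if (src[j] === '\\') j++; j++; }
      tokens.push({ t: 'str', v: src.slice(i, j + 1) });
      i = j + 1;
      continue;
    }
    if (/[A-Za-z_$]/.test(c)) {                       // identifier or keyword
      let j = i;
      while (j < src.length && /[A-Za-z0-9_$]/.test(src[j])) j++;
      tokens.push({ t: 'id', v: src.slice(i, j) });
      i = j;
      continue;
    }
    tokens.push({ t: 'p', v: c });                    // single-char punctuation/digits
    i++;
  }
  return tokens;
}

// Returns one finding per block-scoped declaration that shadows a formal of
// the innermost enclosing function: { enclosing, formal }.
function findShadowedFormals(src) {
  const toks = tokenize(src);
  const findings = [];
  const frames = [];      // one entry per open '{'; fn is set when the brace opens a function body
  let pendingFn = null;   // header just parsed, waiting for its body '{'
  for (let i = 0; i < toks.length; i++) {
    const tk = toks[i];
    if (tk.t === 'id' && tk.v === 'function') {
      let j = i + 1;
      let name = null;
      if (toks[j] && toks[j].t === 'id') { name = toks[j].v; j++; }
      if (!toks[j] || toks[j].v !== '(') continue;
      const formals = [];
      for (j++; toks[j] && toks[j].v !== ')'; j++) if (toks[j].t === 'id') formals.push(toks[j].v);
      if (name) {
        // Walk out to the innermost enclosing function body; any frame above it is a nested block.
        for (let k = frames.length - 1; k >= 0; k--) {
          const fn = frames[k].fn;
          if (!fn) continue;
          const nestedInBlock = frames.length - 1 > k;
          if (nestedInBlock && fn.formals.includes(name)) findings.push({ enclosing: fn.name, formal: name });
          break;
        }
      }
      pendingFn = { name, formals };
      i = j;
      continue;
    }
    if (tk.v === '{') { frames.push({ fn: pendingFn }); pendingFn = null; continue; }
    if (tk.v === '}') { frames.pop(); }
  }
  return findings;
}

// Constructed sample shaped like the described trigger (not the actual PoC):
// formal 'a' shadowed by a block-scoped declaration, plus a hot loop to reach the JIT.
const TRIGGER_SAMPLE = `
function victim(a) {
  {
    function a() { return 1; }   // block-scoped declaration shadowing formal 'a'
  }
  return a;
}
for (let i = 0; i < 10000; i++) victim(0);
`;

// Constructed benign sample: a same-named declaration at function-body level
// (not inside a nested block) and a nested block declaration that shadows nothing.
const BENIGN_SAMPLE = `
function safe(a) {
  function a() { return 1; }
  { function b() { return 2; } }
  return a;
}
`;

console.log(JSON.stringify(findShadowedFormals(TRIGGER_SAMPLE)));
console.log(JSON.stringify(findShadowedFormals(BENIGN_SAMPLE)));
```

Run it with `node` to see one hit for `TRIGGER_SAMPLE` (`{"enclosing":"victim","formal":"a"}`) and none for `BENIGN_SAMPLE`. The nested-block test is what keeps body-level redeclarations (legal, common, and not the shape the bullets describe) out of the results; pair hits with the high-iteration-loop indicator from the second bullet before escalating.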

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.0      7.5     HIGH       CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           v2.0      7.6     HIGH       AV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa                    7.5     HIGH
osv                     7.5     HIGH
vulncheck               7.5     HIGH
vendor_msrc             4.2     MEDIUM