CVE-2017-11888Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Edge

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents5 sources
Severity
7.5HIGHNVD
EPSS
20.5%
top 4.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+9 more
Timeline
PublishedDec 12
Latest updateMay 14

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages12 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-6336-h2v2-8j9x: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the conte2022-05-14

📋Vendor Advisories

1
Microsoft
Microsoft Edge Memory Corruption Vulnerability2017-12-12

🕵️Threat Intelligence

8
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
CVE-2017-11888 — HIGH severity | cvebase