CVE-2017-8518 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Edge

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

24.0%

top 3.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Edge Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems +7 more

Timeline

PublishedAug 10

Latest updateMay 17

Description

Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5microsoft_corporation/microsoft_edgeWindows 10 Gold, Windows 10 1511, Windows 10 1607, Windows 10 1703, Windows Server 2016, Chakra Core

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_x64-based_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-ghwj-mmjc-3g52: Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vuln↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Memory Corruption Vulnerability↗2017-08-08

▶