CVE-2017-8659 — Sensitive Information Exposure in Corporation Microsoft Scripting Engine

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

14.6%

top 5.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Scripting Engine

Timeline

PublishedAug 8

Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft_corporation/microsoft_scripting_engineMicrosoft Windows 10 1703.

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

ChakraCore information disclosure vulnerability↗2022-05-17

▶

OSV

ChakraCore information disclosure vulnerability↗2022-05-17

▶

CVEList

CVE-2017-8659: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripti↗2017-08-08

▶

📋Vendor Advisories

Microsoft

Scripting Engine Information Disclosure Vulnerability↗2017-08-08

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - August 2017↗2017-08-08

▶

Talos

Microsoft Patch Tuesday - August 2017↗2017-08-08

▶