cvelistv5 - CVE-2017-11836

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:39.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039780",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039780"
          },
          {
            "name": "101727",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101727"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChakraCore, Microsoft Edge",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
            }
          ]
        }
      ],
      "datePublic": "2017-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-15T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1039780",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039780"
        },
        {
          "name": "101727",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101727"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-11-14T00:00:00",
          "ID": "CVE-2017-11836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ChakraCore, Microsoft Edge",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039780",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039780"
            },
            {
              "name": "101727",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101727"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-11836",
    "datePublished": "2017-11-15T03:00:00Z",
    "dateReserved": "2017-07-31T00:00:00",
    "dateUpdated": "2024-09-17T03:13:50.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6872EB28-0456-421E-810E-67C17778168C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEE2E768-0F45-46E1-B6D7-087917109D98\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B14968-3985-43C3-ACE5-8307196EFAE3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF6437F9-6631-49D3-A6C2-62329E278E31\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.\"}, {\"lang\": \"es\", \"value\": \"ChakraCore y Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versi\\u00f3n 1709 permiten que un atacante tome el control de un sistema afectado debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\". El ID de este CVE es diferente de CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873.\"}]",
      "id": "CVE-2017-11836",
      "lastModified": "2024-11-21T03:08:36.197",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-11-15T03:29:00.607",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101727\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039780\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101727\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11836\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-11-15T03:29:00.607\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.\"},{\"lang\":\"es\",\"value\":\"ChakraCore y Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versi\u00f3n 1709 permiten que un atacante tome el control de un sistema afectado debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\". El ID de este CVE es diferente de CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6872EB28-0456-421E-810E-67C17778168C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF6437F9-6631-49D3-A6C2-62329E278E31\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101727\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039780\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101727\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-34922

Vulnerability from cnvd - Published: 2017-11-22

Title

Microsoft Edge脚本引擎内存破坏漏洞（CNVD-2017-34922）

Description

Microsoft Edge是内置于Windows 10版本中的网页浏览器。 Microsoft Edge脚本引擎在实现上存在内存破坏漏洞，未经身份验证的远程攻击者利用该漏洞在目标系统上执行任意代码。

Severity

高

Patch Name

Microsoft Edge脚本引擎内存破坏漏洞（CNVD-2017-34922）的补丁

Patch Description

Microsoft Edge是内置于Windows 10版本中的网页浏览器。 Microsoft Edge脚本引擎在实现上存在内存破坏漏洞，未经身份验证的远程攻击者利用该漏洞在目标系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836

Reference

http://technet.microsoft.com/security/bulletin/November 2017 Security Updates

Impacted products

Name
['Microsoft Edge', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709']

Show details on source website

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101727"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11836"
    }
  },
  "description": "Microsoft Edge\u662f\u5185\u7f6e\u4e8eWindows 10\u7248\u672c\u4e2d\u7684\u7f51\u9875\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge\u811a\u672c\u5f15\u64ce\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Microsoft ChakraCore Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34922",
  "openTime": "2017-11-22",
  "patchDescription": "Microsoft Edge\u662f\u5185\u7f6e\u4e8eWindows 10\u7248\u672c\u4e2d\u7684\u7f51\u9875\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge\u811a\u672c\u5f15\u64ce\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Edge\u811a\u672c\u5f15\u64ce\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-34922\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Edge",
      "Microsoft Windows 10 Gold",
      "Microsoft Windows 10  1511",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/November 2017 Security Updates",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-16",
  "title": "Microsoft Edge\u811a\u672c\u5f15\u64ce\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-34922\uff09"
}

FKIE_CVE-2017-11836

Vulnerability from fkie_nvd - Published: 2017-11-15 03:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/101727	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1039780	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101727	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039780	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	chakracore	*
microsoft	edge	*
microsoft	windows_10	-
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_10	1703
microsoft	windows_10	1709
microsoft	windows_server_2016	*
microsoft	windows_server_2016	1709

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6872EB28-0456-421E-810E-67C17778168C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
    },
    {
      "lang": "es",
      "value": "ChakraCore y Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versi\u00f3n 1709 permiten que un atacante tome el control de un sistema afectado debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873."
    }
  ],
  "id": "CVE-2017-11836",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T03:29:00.607",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101727"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039780"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-11836

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-11836

Aliases

CVE-2017-11836

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-11836",
    "description": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",
    "id": "GSD-2017-11836"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-11836"
      ],
      "details": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",
      "id": "GSD-2017-11836",
      "modified": "2023-12-13T01:21:15.397944Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2017-11-14T00:00:00",
        "ID": "CVE-2017-11836",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ChakraCore, Microsoft Edge",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1039780",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039780"
          },
          {
            "name": "101727",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101727"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,)",
          "affected_versions": "All versions",
          "cvss_v2": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-119",
            "CWE-937"
          ],
          "date": "2017-12-01",
          "description": "ChakraCore, and Microsoft Edge in Microsoft Windows Gold, Windows Server and Windows Server allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",
          "fixed_versions": [],
          "identifier": "CVE-2017-11836",
          "identifiers": [
            "CVE-2017-11836"
          ],
          "not_impacted": "",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2017-11-15",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-11836",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836",
            "http://www.securitytracker.com/id/1039780",
            "http://www.securityfocus.com/bid/101727"
          ],
          "uuid": "f7bf7a5b-f8fb-4ae4-83db-269044cb06ae"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-11836"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
            },
            {
              "name": "1039780",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039780"
            },
            {
              "name": "101727",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101727"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-12-01T14:03Z",
      "publishedDate": "2017-11-15T03:29Z"
    }
  }
}

GHSA-F92J-XCF9-HQ3P

Vulnerability from github – Published: 2022-05-17 00:19 – Updated: 2022-05-17 00:19

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-11836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-15T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",
  "id": "GHSA-f92j-xcf9-hq3p",
  "modified": "2022-05-17T00:19:26Z",
  "published": "2022-05-17T00:19:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11836"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101727"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-407

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une divulgation d'informations, une exécution de code à distance et un contournement de la fonctionnalité de sécurité

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11843"
    },
    {
      "name": "CVE-2017-11791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11791"
    },
    {
      "name": "CVE-2017-11846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11846"
    },
    {
      "name": "CVE-2017-11836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11836"
    },
    {
      "name": "CVE-2017-11838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11838"
    },
    {
      "name": "CVE-2017-11858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11858"
    },
    {
      "name": "CVE-2017-11845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11845"
    },
    {
      "name": "CVE-2017-11873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11873"
    },
    {
      "name": "CVE-2017-11833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11833"
    },
    {
      "name": "CVE-2017-11870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11870"
    },
    {
      "name": "CVE-2017-11827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11827"
    },
    {
      "name": "CVE-2017-11866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11866"
    },
    {
      "name": "CVE-2017-11872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11872"
    },
    {
      "name": "CVE-2017-11863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11863"
    },
    {
      "name": "CVE-2017-11871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11871"
    },
    {
      "name": "CVE-2017-11874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11874"
    },
    {
      "name": "CVE-2017-11861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11861"
    },
    {
      "name": "CVE-2017-11841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11841"
    },
    {
      "name": "CVE-2017-11803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11803"
    },
    {
      "name": "CVE-2017-11862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11862"
    },
    {
      "name": "CVE-2017-11844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11844"
    },
    {
      "name": "CVE-2017-11837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11837"
    },
    {
      "name": "CVE-2017-11840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11840"
    },
    {
      "name": "CVE-2017-11839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11839"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-407",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une divulgation d\u0027informations, une ex\u00e9cution de code \u00e0\ndistance et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2017-AVI-411

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une exécution de code à distance et un contournement de la fonctionnalité de sécurité

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	ChakraCore

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11843"
    },
    {
      "name": "CVE-2017-11791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11791"
    },
    {
      "name": "CVE-2017-11846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11846"
    },
    {
      "name": "CVE-2017-11836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11836"
    },
    {
      "name": "CVE-2017-11838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11838"
    },
    {
      "name": "CVE-2017-11858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11858"
    },
    {
      "name": "CVE-2017-11873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11873"
    },
    {
      "name": "CVE-2017-11870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11870"
    },
    {
      "name": "CVE-2017-11866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11866"
    },
    {
      "name": "CVE-2017-11871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11871"
    },
    {
      "name": "CVE-2017-11874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11874"
    },
    {
      "name": "CVE-2017-11861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11861"
    },
    {
      "name": "CVE-2017-11841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11841"
    },
    {
      "name": "CVE-2017-11862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11862"
    },
    {
      "name": "CVE-2017-11837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11837"
    },
    {
      "name": "CVE-2017-11840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11840"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-411",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une ex\u00e9cution de\ncode \u00e0 distance et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2017-AVI-407

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11843"
    },
    {
      "name": "CVE-2017-11791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11791"
    },
    {
      "name": "CVE-2017-11846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11846"
    },
    {
      "name": "CVE-2017-11836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11836"
    },
    {
      "name": "CVE-2017-11838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11838"
    },
    {
      "name": "CVE-2017-11858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11858"
    },
    {
      "name": "CVE-2017-11845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11845"
    },
    {
      "name": "CVE-2017-11873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11873"
    },
    {
      "name": "CVE-2017-11833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11833"
    },
    {
      "name": "CVE-2017-11870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11870"
    },
    {
      "name": "CVE-2017-11827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11827"
    },
    {
      "name": "CVE-2017-11866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11866"
    },
    {
      "name": "CVE-2017-11872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11872"
    },
    {
      "name": "CVE-2017-11863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11863"
    },
    {
      "name": "CVE-2017-11871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11871"
    },
    {
      "name": "CVE-2017-11874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11874"
    },
    {
      "name": "CVE-2017-11861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11861"
    },
    {
      "name": "CVE-2017-11841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11841"
    },
    {
      "name": "CVE-2017-11803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11803"
    },
    {
      "name": "CVE-2017-11862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11862"
    },
    {
      "name": "CVE-2017-11844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11844"
    },
    {
      "name": "CVE-2017-11837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11837"
    },
    {
      "name": "CVE-2017-11840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11840"
    },
    {
      "name": "CVE-2017-11839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11839"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-407",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une divulgation d\u0027informations, une ex\u00e9cution de code \u00e0\ndistance et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2017-AVI-411

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	ChakraCore

References

Title

Publication Time

Tags

None

vendor-advisory