cvelistv5 - CVE-2017-8646

CVE-2017-8646 (GCVE-0-2017-8646)

Vulnerability from cvelistv5 – Published: 2017-08-08 21:00 – Updated: 2024-09-16 19:29

Summary

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/100053	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/42470/	exploitx_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1039095	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Microsoft Scripting Engine	Affected: Windows 10 1511, 1607, 1703, and Windows Server 2016.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:41:24.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100053",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
          },
          {
            "name": "42470",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42470/"
          },
          {
            "name": "1039095",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039095"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Scripting Engine",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 1511, 1607, 1703, and Windows Server 2016."
            }
          ]
        }
      ],
      "datePublic": "2017-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-19T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "100053",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
        },
        {
          "name": "42470",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42470/"
        },
        {
          "name": "1039095",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039095"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-08-08T00:00:00",
          "ID": "CVE-2017-8646",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Scripting Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 1511, 1607, 1703, and Windows Server 2016."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100053",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100053"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
            },
            {
              "name": "42470",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42470/"
            },
            {
              "name": "1039095",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039095"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-8646",
    "datePublished": "2017-08-08T21:00:00Z",
    "dateReserved": "2017-05-03T00:00:00",
    "dateUpdated": "2024-09-16T19:29:56.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEE2E768-0F45-46E1-B6D7-087917109D98\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF6437F9-6631-49D3-A6C2-62329E278E31\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.\"}, {\"lang\": \"es\", \"value\": \"Microsoft Edge en Windows 10 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute c\\u00f3digo arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto tambi\\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674.\"}]",
      "id": "CVE-2017-8646",
      "lastModified": "2024-11-21T03:34:25.533",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-08-08T21:29:01.297",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100053\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039095\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42470/\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/100053\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42470/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8646\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-08-08T21:29:01.297\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.\"},{\"lang\":\"es\",\"value\":\"Microsoft Edge en Windows 10 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute c\u00f3digo arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto tambi\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF6437F9-6631-49D3-A6C2-62329E278E31\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100053\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039095\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42470/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/100053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42470/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2017-AVI-258

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 août 2017	None	vendor-advisory
Bulletin de sécurité Microsoft b3d96835-f651-e711-80dd-000d3a32fc99 du 08 août 2017	None	vendor-advisory
Bulletin de sécurité Microsoft b3d96835-f651-e711-80dd-000d3a32fc99 du 08 août 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-8645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8645"
    },
    {
      "name": "CVE-2017-8646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8646"
    },
    {
      "name": "CVE-2017-8653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8653"
    },
    {
      "name": "CVE-2017-8634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8634"
    },
    {
      "name": "CVE-2017-8644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8644"
    },
    {
      "name": "CVE-2017-8639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8639"
    },
    {
      "name": "CVE-2017-8650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8650"
    },
    {
      "name": "CVE-2017-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8674"
    },
    {
      "name": "CVE-2017-8642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8642"
    },
    {
      "name": "CVE-2017-8518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8518"
    },
    {
      "name": "CVE-2017-8661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8661"
    },
    {
      "name": "CVE-2017-8657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8657"
    },
    {
      "name": "CVE-2017-8637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8637"
    },
    {
      "name": "CVE-2017-8669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8669"
    },
    {
      "name": "CVE-2017-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8647"
    },
    {
      "name": "CVE-2017-8638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8638"
    },
    {
      "name": "CVE-2017-8641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8641"
    },
    {
      "name": "CVE-2017-8670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8670"
    },
    {
      "name": "CVE-2017-8671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8671"
    },
    {
      "name": "CVE-2017-8672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8672"
    },
    {
      "name": "CVE-2017-8662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8662"
    },
    {
      "name": "CVE-2017-8659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8659"
    },
    {
      "name": "CVE-2017-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8503"
    },
    {
      "name": "CVE-2017-8652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8652"
    },
    {
      "name": "CVE-2017-8640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8640"
    },
    {
      "name": "CVE-2017-8655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8655"
    },
    {
      "name": "CVE-2017-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8636"
    },
    {
      "name": "CVE-2017-8656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8656"
    },
    {
      "name": "CVE-2017-8635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8635"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft    b3d96835-f651-e711-80dd-000d3a32fc99 du 08 ao\u00fbt 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99"
    }
  ],
  "reference": "CERTFR-2017-AVI-258",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 ao\u00fbt 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft b3d96835-f651-e711-80dd-000d3a32fc99 du 08 ao\u00fbt 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-258

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 août 2017	None	vendor-advisory
Bulletin de sécurité Microsoft b3d96835-f651-e711-80dd-000d3a32fc99 du 08 août 2017	None	vendor-advisory
Bulletin de sécurité Microsoft b3d96835-f651-e711-80dd-000d3a32fc99 du 08 août 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-8645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8645"
    },
    {
      "name": "CVE-2017-8646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8646"
    },
    {
      "name": "CVE-2017-8653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8653"
    },
    {
      "name": "CVE-2017-8634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8634"
    },
    {
      "name": "CVE-2017-8644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8644"
    },
    {
      "name": "CVE-2017-8639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8639"
    },
    {
      "name": "CVE-2017-8650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8650"
    },
    {
      "name": "CVE-2017-8674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8674"
    },
    {
      "name": "CVE-2017-8642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8642"
    },
    {
      "name": "CVE-2017-8518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8518"
    },
    {
      "name": "CVE-2017-8661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8661"
    },
    {
      "name": "CVE-2017-8657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8657"
    },
    {
      "name": "CVE-2017-8637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8637"
    },
    {
      "name": "CVE-2017-8669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8669"
    },
    {
      "name": "CVE-2017-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8647"
    },
    {
      "name": "CVE-2017-8638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8638"
    },
    {
      "name": "CVE-2017-8641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8641"
    },
    {
      "name": "CVE-2017-8670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8670"
    },
    {
      "name": "CVE-2017-8671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8671"
    },
    {
      "name": "CVE-2017-8672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8672"
    },
    {
      "name": "CVE-2017-8662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8662"
    },
    {
      "name": "CVE-2017-8659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8659"
    },
    {
      "name": "CVE-2017-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8503"
    },
    {
      "name": "CVE-2017-8652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8652"
    },
    {
      "name": "CVE-2017-8640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8640"
    },
    {
      "name": "CVE-2017-8655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8655"
    },
    {
      "name": "CVE-2017-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8636"
    },
    {
      "name": "CVE-2017-8656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8656"
    },
    {
      "name": "CVE-2017-8635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8635"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft    b3d96835-f651-e711-80dd-000d3a32fc99 du 08 ao\u00fbt 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99"
    }
  ],
  "reference": "CERTFR-2017-AVI-258",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 ao\u00fbt 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft b3d96835-f651-e711-80dd-000d3a32fc99 du 08 ao\u00fbt 2017",
      "url": null
    }
  ]
}

CNVD-2017-20498

Vulnerability from cnvd - Published: 2017-08-11

Title

Microsoft Windows Edge JavaScript引擎远程代码执行漏洞

Description

Microsoft Windows 10和Windows Server 2016都是美国微软（Microsoft）公司的产品。前者是一套供个人电脑使用的操作系统，后者是一套服务器操作系统。Edge是其中的一个系统附带的默认浏览器。JavaScript engines是其中的一个JavaScript引擎组件。 Microsoft Windows中的Edge的JavaScript引擎存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，造成内存破坏。

Severity

高

Patch Name

Microsoft Windows Edge JavaScript引擎远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-8646

Impacted products

Name
['Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100053"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8646"
    }
  },
  "description": "Microsoft Windows 10\u548cWindows Server 2016\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u5957\u4f9b\u4e2a\u4eba\u7535\u8111\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u540e\u8005\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Edge\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002JavaScript engines\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows\u4e2d\u7684Edge\u7684JavaScript\u5f15\u64ce\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u7834\u574f\u3002",
  "discovererName": "Lokihart of Google Project Zero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-20498",
  "openTime": "2017-08-11",
  "patchDescription": "Microsoft Windows 10\u548cWindows Server 2016\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u5957\u4f9b\u4e2a\u4eba\u7535\u8111\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u540e\u8005\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Edge\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002JavaScript engines\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows\u4e2d\u7684Edge\u7684JavaScript\u5f15\u64ce\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u7834\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Edge JavaScript\u5f15\u64ce\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 10  1511",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 1703"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8646",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-09",
  "title": "Microsoft Windows Edge JavaScript\u5f15\u64ce\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GHSA-5H64-F677-76HX

Vulnerability from github – Published: 2022-05-17 01:59 – Updated: 2025-04-20 03:42

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",
  "id": "GHSA-5h64-f677-76hx",
  "modified": "2025-04-20T03:42:49Z",
  "published": "2022-05-17T01:59:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8646"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42470"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100053"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039095"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-8646

Vulnerability from fkie_nvd - Published: 2017-08-08 21:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/100053	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1039095	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646	Patch, Vendor Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/42470/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100053	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039095	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42470/

Impacted products

Vendor	Product	Version
microsoft	edge	*
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_10	1703
microsoft	windows_server_2016	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674."
    },
    {
      "lang": "es",
      "value": "Microsoft Edge en Windows 10 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute c\u00f3digo arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674."
    }
  ],
  "id": "CVE-2017-8646",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T21:29:01.297",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100053"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039095"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/42470/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/42470/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-8646

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-8646

Aliases

CVE-2017-8646

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8646",
    "description": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",
    "id": "GSD-2017-8646",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-8646"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8646"
      ],
      "details": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",
      "id": "GSD-2017-8646",
      "modified": "2023-12-13T01:21:08.346623Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2017-08-08T00:00:00",
        "ID": "CVE-2017-8646",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Scripting Engine",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Windows 10 1511, 1607, 1703, and Windows Server 2016."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100053",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100053"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
          },
          {
            "name": "42470",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/42470/"
          },
          {
            "name": "1039095",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039095"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-8646"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646"
            },
            {
              "name": "1039095",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039095"
            },
            {
              "name": "100053",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100053"
            },
            {
              "name": "42470",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/42470/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-08-20T01:29Z",
      "publishedDate": "2017-08-08T21:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8646 (GCVE-0-2017-8646)

CERTFR-2017-AVI-258

Solution

CERTFR-2017-AVI-258

Solution

CNVD-2017-20498

GHSA-5H64-F677-76HX

FKIE_CVE-2017-8646

GSD-2017-8646

Tags

Sightings

Nomenclature