cvelistv5 - cve-2017-11767

CVE-2017-11767 (GCVE-0-2017-11767)

Vulnerability from cvelistv5 – Published: 2017-11-02 19:00 – Updated: 2024-09-16 19:14

Summary

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1039369	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/100838	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ChakraCore	Affected: ChakraCore

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:39.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039369",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039369"
          },
          {
            "name": "100838",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100838"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChakraCore",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ChakraCore"
            }
          ]
        }
      ],
      "datePublic": "2017-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1039369",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039369"
        },
        {
          "name": "100838",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100838"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-09-14T00:00:00",
          "ID": "CVE-2017-11767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ChakraCore",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ChakraCore"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039369",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039369"
            },
            {
              "name": "100838",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100838"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-11767",
    "datePublished": "2017-11-02T19:00:00Z",
    "dateReserved": "2017-07-31T00:00:00",
    "dateUpdated": "2024-09-16T19:14:56.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FF3889F-978A-4F39-9A0D-E633A887059B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}, {\"lang\": \"es\", \"value\": \"ChakraCore permite que un atacante obtenga los mismos derechos de usuario que el usuario actual por la manera en la que el motor de scripting de ChakraCore maneja los objetos en la memoria. Esta vulnerabilidad tambi\\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}]",
      "id": "CVE-2017-11767",
      "lastModified": "2024-11-21T03:08:28.040",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-02T19:29:00.263",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100838\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039369\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100838\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039369\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11767\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-11-02T19:29:00.263\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"},{\"lang\":\"es\",\"value\":\"ChakraCore permite que un atacante obtenga los mismos derechos de usuario que el usuario actual por la manera en la que el motor de scripting de ChakraCore maneja los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FF3889F-978A-4F39-9A0D-E633A887059B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100838\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039369\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100838\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039369\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-C79V-2RJQ-965M

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2023-10-10 15:00

Summary

ChakraCore vulnerable to privilege escalation

Details

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.ChakraCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-11767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-26T19:37:50Z",
    "nvd_published_at": "2017-11-02T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\n",
  "id": "GHSA-c79v-2rjq-965m",
  "modified": "2023-10-10T15:00:23Z",
  "published": "2022-05-13T01:42:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11767"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/pull/3727"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/pull/3727/commits/b3e3959d14814f42ee2197c504c322bcbe12347d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/commit/b3e3959d14814f42ee2197c504c322bcbe12347d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chakra-core/ChakraCore"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2017-11767"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210124103810/http://www.securityfocus.com/bid/100838"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20211127230635/http://www.securitytracker.com/id/1039369"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ChakraCore vulnerable to privilege escalation"
}

FKIE_CVE-2017-11767

Vulnerability from fkie_nvd - Published: 2017-11-02 19:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/100838	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1039369	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100838	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039369	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	chakracore	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF3889F-978A-4F39-9A0D-E633A887059B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
    },
    {
      "lang": "es",
      "value": "ChakraCore permite que un atacante obtenga los mismos derechos de usuario que el usuario actual por la manera en la que el motor de scripting de ChakraCore maneja los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2017-11767",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-02T19:29:00.263",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100838"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039369"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-346

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Microsoft . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (64 bits)
Microsoft	N/A	Skype pour Business 2016 (64 bits)
Microsoft	N/A	Skype pour Business 2016 (32 bits)
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft octobre du 10 octobre 2017	None	vendor-advisory
Bulletin de sécurité Microsoft du 10 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11797"
    },
    {
      "name": "CVE-2017-11811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11811"
    },
    {
      "name": "CVE-2017-11805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11805"
    },
    {
      "name": "CVE-2017-11806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11806"
    },
    {
      "name": "CVE-2017-11786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11786"
    },
    {
      "name": "CVE-2017-11804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11804"
    },
    {
      "name": "CVE-2017-11799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11799"
    },
    {
      "name": "CVE-2017-11796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11796"
    },
    {
      "name": "CVE-2017-11802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11802"
    },
    {
      "name": "CVE-2017-11801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11801"
    },
    {
      "name": "CVE-2017-11767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11767"
    },
    {
      "name": "CVE-2017-11792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11792"
    },
    {
      "name": "CVE-2017-11809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11809"
    },
    {
      "name": "CVE-2017-11808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11808"
    },
    {
      "name": "CVE-2017-11807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11807"
    },
    {
      "name": "CVE-2017-11821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11821"
    },
    {
      "name": "CVE-2017-11812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11812"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-346",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMicrosoft . Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft octobre du 10 octobre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99"
    }
  ]
}

CERTFR-2017-AVI-346

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (64 bits)
Microsoft	N/A	Skype pour Business 2016 (64 bits)
Microsoft	N/A	Skype pour Business 2016 (32 bits)
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft octobre du 10 octobre 2017	None	vendor-advisory
Bulletin de sécurité Microsoft du 10 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11797"
    },
    {
      "name": "CVE-2017-11811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11811"
    },
    {
      "name": "CVE-2017-11805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11805"
    },
    {
      "name": "CVE-2017-11806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11806"
    },
    {
      "name": "CVE-2017-11786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11786"
    },
    {
      "name": "CVE-2017-11804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11804"
    },
    {
      "name": "CVE-2017-11799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11799"
    },
    {
      "name": "CVE-2017-11796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11796"
    },
    {
      "name": "CVE-2017-11802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11802"
    },
    {
      "name": "CVE-2017-11801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11801"
    },
    {
      "name": "CVE-2017-11767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11767"
    },
    {
      "name": "CVE-2017-11792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11792"
    },
    {
      "name": "CVE-2017-11809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11809"
    },
    {
      "name": "CVE-2017-11808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11808"
    },
    {
      "name": "CVE-2017-11807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11807"
    },
    {
      "name": "CVE-2017-11821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11821"
    },
    {
      "name": "CVE-2017-11812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11812"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-346",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMicrosoft . Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft octobre du 10 octobre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99"
    }
  ]
}

CNVD-2017-34860

Vulnerability from cnvd - Published: 2017-11-22

Title

Microsoft Edge scripting引擎内存破坏代码执行漏洞

Description

Microsoft Edge是美国微软公司开发的一款Web浏览器。 Microsoft Edge scripting引擎存在内存破坏漏洞，允许远程攻击者利用漏洞提交特制的请求，使应用程序崩溃或可执行任意代码。

Severity

高

Patch Name

Microsoft Edge scripting引擎内存破坏代码执行漏洞的补丁

Patch Description

Microsoft Edge是美国微软公司开发的一款Web浏览器。 Microsoft Edge scripting引擎存在内存破坏漏洞，允许远程攻击者利用漏洞提交特制的请求，使应用程序崩溃或可执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767

Reference

http://securitytracker.com/id/1039369

Impacted products

Name
Microsoft Edge 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100838"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11767",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11767"
    }
  },
  "description": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge scripting\u5f15\u64ce\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34860",
  "openTime": "2017-11-22",
  "patchDescription": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge scripting\u5f15\u64ce\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Edge scripting\u5f15\u64ce\u5185\u5b58\u7834\u574f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Edge 0"
  },
  "referenceLink": "http://securitytracker.com/id/1039369",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-21",
  "title": "Microsoft Edge scripting\u5f15\u64ce\u5185\u5b58\u7834\u574f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2017-11767

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-11767

Aliases

CVE-2017-11767

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-11767",
    "description": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
    "id": "GSD-2017-11767"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-11767"
      ],
      "details": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
      "id": "GSD-2017-11767",
      "modified": "2023-12-13T01:21:15.889435Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2017-09-14T00:00:00",
        "ID": "CVE-2017-11767",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ChakraCore",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "ChakraCore"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1039369",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039369"
          },
          {
            "name": "100838",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100838"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,)",
          "affected_versions": "All versions",
          "cvss_v2": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-119",
            "CWE-937"
          ],
          "date": "2019-10-03",
          "description": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
          "fixed_versions": [],
          "identifier": "CVE-2017-11767",
          "identifiers": [
            "CVE-2017-11767"
          ],
          "not_impacted": "",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2017-11-02",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-11767",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",
            "http://www.securitytracker.com/id/1039369",
            "http://www.securityfocus.com/bid/100838"
          ],
          "uuid": "42635c0a-d4ee-420c-9541-8f404be71c60"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-11767"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
            },
            {
              "name": "1039369",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039369"
            },
            {
              "name": "100838",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100838"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-11-02T19:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-11767 (GCVE-0-2017-11767)

GHSA-C79V-2RJQ-965M

FKIE_CVE-2017-11767

CERTFR-2017-AVI-346

Solution

CERTFR-2017-AVI-346

Solution

CNVD-2017-34860

GSD-2017-11767

Tags

Sightings

Nomenclature