cvelistv5 - cve-2017-8658

CVE-2017-8658 (GCVE-0-2017-8658)

Vulnerability from cvelistv5 – Published: 2017-08-11 01:00 – Updated: 2024-09-17 02:27

Summary

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/100036	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ChakraCore	Affected: ChakraCore V1.7.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:41:24.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100036",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChakraCore",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ChakraCore V1.7.1"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "100036",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-8658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ChakraCore",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ChakraCore V1.7.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100036",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100036"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-8658",
    "datePublished": "2017-08-11T01:00:00Z",
    "dateReserved": "2017-05-03T00:00:00",
    "dateUpdated": "2024-09-17T02:27:48.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.0\", \"matchCriteriaId\": \"28D94750-D55B-44A2-9106-E4B52F62EBE4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo que se manifiesta en la forma en la que el motor Chakra JavaScript renderiza cuando gestiona objetos en la memoria. Esto tambi\\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}]",
      "id": "CVE-2017-8658",
      "lastModified": "2024-11-21T03:34:26.980",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-11T01:29:02.290",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100036\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8658\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-08-11T01:29:02.290\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo que se manifiesta en la forma en la que el motor Chakra JavaScript renderiza cuando gestiona objetos en la memoria. Esto tambi\u00e9n se conoce como \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"28D94750-D55B-44A2-9106-E4B52F62EBE4\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100036\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-8V2H-4JPM-3WFM

Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2023-10-24 12:56

Summary

ChakraCore RCE Vulnerability

Details

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.ChakraCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-8658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-27T21:33:54Z",
    "nvd_published_at": "2017-08-11T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
  "id": "GHSA-8v2h-4jpm-3wfm",
  "modified": "2023-10-24T12:56:12Z",
  "published": "2022-05-17T01:57:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8658"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/pull/3509"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chakra-core/ChakraCore"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210124090857/http://www.securityfocus.com/bid/100036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ChakraCore RCE Vulnerability"
}

GSD-2017-8658

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Aliases

CVE-2017-8658

Aliases

CVE-2017-8658

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8658",
    "description": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
    "id": "GSD-2017-8658"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8658"
      ],
      "details": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
      "id": "GSD-2017-8658",
      "modified": "2023-12-13T01:21:09.205682Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2017-08-10T00:00:00",
        "ID": "CVE-2017-8658",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ChakraCore",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "ChakraCore V1.7.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100036",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100036"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.7.0]",
          "affected_versions": "All versions up to 1.7.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-119",
            "CWE-937"
          ],
          "date": "2017-08-24",
          "description": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\".",
          "fixed_versions": [
            "1.7.1"
          ],
          "identifier": "CVE-2017-8658",
          "identifiers": [
            "CVE-2017-8658"
          ],
          "not_impacted": "All versions after 1.7.0",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2017-08-11",
          "solution": "Upgrade to version 1.7.1 or above.",
          "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-8658",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
            "http://www.securityfocus.com/bid/100036"
          ],
          "uuid": "6277dabf-253d-419a-8fa2-dde38e2dca67"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-8658"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
            },
            {
              "name": "100036",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100036"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-08-24T18:40Z",
      "publishedDate": "2017-08-11T01:29Z"
    }
  }
}

CERTFR-2017-AVI-297

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une élévation de privilèges et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 et 64 bits)
Microsoft	N/A	Microsoft Lync 2010 Attendee (installation niveau utilisateur)
Microsoft	N/A	Microsoft Lync 2010 Attendee (installation niveau administrateur)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 6
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 17
Microsoft	N/A	Microsoft Live Meeting 2007 Add-in
Microsoft	N/A	Microsoft Exchange Server 2013 Service Pack 1
Microsoft	N/A	Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits)
Microsoft	N/A	Microsoft Lync 2010 (64 bits)
Microsoft	N/A	Microsoft Publisher 2007 Service Pack 3
Microsoft	N/A	Microsoft Live Meeting 2007 Console
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft	N/A	Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits)
Microsoft	N/A	Skype pour Business 2016 Basic (32 et 64 bits)
Microsoft	N/A	Xamarin.iOS
Microsoft	N/A	Microsoft Lync 2010 (32 bits)
Microsoft	N/A	Skype pour Business 2016 (32 et 64 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 septembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendee (installation niveau utilisateur)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendee (installation niveau administrateur)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Live Meeting 2007 Add-in",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Publisher 2007 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Live Meeting 2007 Console",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 Basic (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Xamarin.iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-8695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
    },
    {
      "name": "CVE-2017-8758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8758"
    },
    {
      "name": "CVE-2017-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
    },
    {
      "name": "CVE-2017-8658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8658"
    },
    {
      "name": "CVE-2017-8665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8665"
    },
    {
      "name": "CVE-2017-8676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
    },
    {
      "name": "CVE-2017-8725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8725"
    },
    {
      "name": "CVE-2017-11761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11761"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-297",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2017-AVI-297

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 et 64 bits)
Microsoft	N/A	Microsoft Lync 2010 Attendee (installation niveau utilisateur)
Microsoft	N/A	Microsoft Lync 2010 Attendee (installation niveau administrateur)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 6
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 17
Microsoft	N/A	Microsoft Live Meeting 2007 Add-in
Microsoft	N/A	Microsoft Exchange Server 2013 Service Pack 1
Microsoft	N/A	Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits)
Microsoft	N/A	Microsoft Lync 2010 (64 bits)
Microsoft	N/A	Microsoft Publisher 2007 Service Pack 3
Microsoft	N/A	Microsoft Live Meeting 2007 Console
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft	N/A	Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits)
Microsoft	N/A	Skype pour Business 2016 Basic (32 et 64 bits)
Microsoft	N/A	Xamarin.iOS
Microsoft	N/A	Microsoft Lync 2010 (32 bits)
Microsoft	N/A	Skype pour Business 2016 (32 et 64 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 septembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendee (installation niveau utilisateur)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendee (installation niveau administrateur)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Live Meeting 2007 Add-in",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Publisher 2007 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Live Meeting 2007 Console",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 Basic (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Xamarin.iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 et 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-8695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
    },
    {
      "name": "CVE-2017-8758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8758"
    },
    {
      "name": "CVE-2017-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
    },
    {
      "name": "CVE-2017-8658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8658"
    },
    {
      "name": "CVE-2017-8665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8665"
    },
    {
      "name": "CVE-2017-8676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
    },
    {
      "name": "CVE-2017-8725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8725"
    },
    {
      "name": "CVE-2017-11761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11761"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-297",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CNVD-2017-28298

Vulnerability from cnvd - Published: 2017-09-26

Title

Microsoft Chakra JavaScript引擎远程代码执行漏洞

Description

Microsoft Chakra JavaScript engine是美国微软（Microsoft）公司的一个应用在IE和Edge（Web浏览器）中的JavaScript引擎组件。 Microsoft Chakra JavaScript引擎中存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，造成内存破坏。

Severity

高

Patch Name

Microsoft Chakra JavaScript引擎远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-8658

Impacted products

Name
Microsoft ChakraCore <=1.7.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100036"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8658"
    }
  },
  "description": "Microsoft Chakra JavaScript engine\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u5728IE\u548cEdge\uff08Web\u6d4f\u89c8\u5668\uff09\u4e2d\u7684JavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Chakra JavaScript\u5f15\u64ce\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u7834\u574f\u3002",
  "discovererName": "Microsoft ChakraCore Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-28298",
  "openTime": "2017-09-26",
  "patchDescription": "Microsoft Chakra JavaScript engine\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u5728IE\u548cEdge\uff08Web\u6d4f\u89c8\u5668\uff09\u4e2d\u7684JavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Chakra JavaScript\u5f15\u64ce\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u7834\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Chakra JavaScript\u5f15\u64ce\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft ChakraCore \u003c=1.7.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8658",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-11",
  "title": "Microsoft Chakra JavaScript\u5f15\u64ce\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2017-8658

Vulnerability from fkie_nvd - Published: 2017-08-11 01:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/100036	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100036	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	chakracore	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D94750-D55B-44A2-9106-E4B52F62EBE4",
              "versionEndIncluding": "1.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo que se manifiesta en la forma en la que el motor Chakra JavaScript renderiza cuando gestiona objetos en la memoria. Esto tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2017-8658",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-11T01:29:02.290",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100036"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8658 (GCVE-0-2017-8658)

GHSA-8V2H-4JPM-3WFM

GSD-2017-8658

CERTFR-2017-AVI-297

Solution

CERTFR-2017-AVI-297

Solution

CNVD-2017-28298

FKIE_CVE-2017-8658

Tags

Sightings

Nomenclature