CVE-2017-0152

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-0152
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0152.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-0152
Published
2017-07-17T13:18:11Z
Modified
2025-01-08T09:58:14.353958Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."

References

Affected packages

Git / github.com/chakra-core/chakracore

Affected ranges

Type
GIT
Repo
https://github.com/chakra-core/chakracore
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.2.0.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1