|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-04 | |
| Rule Name: | Microsoft Edge Chakra GetPropertyBuiltins scriptFunction Type Confusion Vulnerability (CVE-2017-11914) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:102088 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11914 SecurityTrackerID:1039990 ExploitDB:43713 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11914 |