CVE-2017-11767

EPSS 9.5%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 9.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

02 Nov 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Affected products

Microsoft Corporation · ChakraCore

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767 http://www.securityfocus.com/bid/100838 http://www.securitytracker.com/id/1039369