CVE-2017-0028
CRITICALMicrosoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
Title source: llmDescription
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724
Scores
CVSS v3
9.8
EPSS
0.1963
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
microsoft/edge
Microsoft Corporation/Microsoft ChakraCore
Microsoft ChakraCore
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026