CVE-2017-11909
HIGHChakraCore and Windows 10/Server - Memory Corruption
Title source: llmDescription
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · javascriptdoswindows
https://www.exploit-db.com/exploits/43467
References (4)
Scores
CVSS v3
7.5
EPSS
0.7399
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Classification
CWE
CWE-119
Status
draft
Affected Products (3)
microsoft/edge
microsoft/chakracore
< 1.7.5
nuget/Microsoft.ChakraCore
< 1.7.5NuGet
Timeline
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026