Vulnerability Name: | CVE-2017-8604 (CCN-127698) | ||||||||||||
Assigned: | 2017-07-11 | ||||||||||||
Published: | 2017-07-11 | ||||||||||||
Updated: | 2017-07-13 | ||||||||||||
Summary: | Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
3.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-8604 Source: BID Type: Third Party Advisory, VDB Entry 99407 Source: CCN Type: BID-99407 Microsoft Edge CVE-2017-8604 Scripting Engine Remote Memory Corruption Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1038849 Source: XF Type: UNKNOWN ms-edge-cve20178604-code-exec(127698) Source: CCN Type: Microsoft Security TechCenter Security Update Guide - July 2017 Security Updates Source: CONFIRM Type: Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8604 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |