CVE-2017-11874

LOW

Description

Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.

References

http://www.securityfocus.com/bid/101750

http://www.securitytracker.com/id/1039801

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874

Details

Source: MITRE

Published: 2017-11-15

Updated: 2017-11-30

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 2.6

Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

CVSS v3.0

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 1.6

Severity: LOW