CVE-2017-11874 | Tenable®

Links

Tenable Community & Support

Tenable University

Settings

Severity

Theme

CVE-2017-11874

low

Description

Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874

http://www.securitytracker.com/id/1039801

http://www.securityfocus.com/bid/101750

Details

Source: MITRE

Published: 2017-11-15

Updated: 2022-05-23

Type: NVD-CWE-noinfo

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

CVSS v3

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 1.6

Severity: LOW