CVE-2017-11874

low

Description

Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.

References

Advisories
More

http://www.securitytracker.com/id/1039801

http://www.securityfocus.com/bid/101750

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874

Details

Source: Mitre, NVD

Published: 2017-11-15

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Low

EPSS

EPSS: 0.02013