ChakraCore information disclosure vulnerability

GHSA-pjpr-2qqp-gprf · CVE-2017-0208

Published May 17, 2022 · Modified Feb 16, 2024

Description

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-0208
WEB https://github.com/chakra-core/ChakraCore/pull/2834
WEB https://github.com/chakra-core/ChakraCore/commit/54d6d085987e2c399863940179db67b594d7f0a3
PACKAGE https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208
WEB https://web.archive.org/web/20210124023848/http://www.securityfocus.com/bid/97460
WEB https://web.archive.org/web/20211201121401/http://www.securitytracker.com/id/1038234

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes