ChakraCore information disclosure vulnerability

GHSA-h6m7-jphx-f9p5 · CVE-2017-8659

Published May 17, 2022 · Modified Feb 16, 2024

Description

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-8659
WEB https://github.com/chakra-core/ChakraCore/pull/3509
WEB https://github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d
PACKAGE https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
WEB https://web.archive.org/web/20210612224703/http://www.securityfocus.com/bid/100029
WEB https://web.archive.org/web/20211127144809/http://www.securitytracker.com/id/1039095

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes