CVE-2017-11874 Information
Feb 14, 2021
cve
Description
Microsoft Edge in Microsoft Windows 10 1703 1709 Windows Server version 1709 and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler aka \Microsoft Edge Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Reference
http://www.securityfocus.com/bid/101750 http://www.securitytracker.com/id/1039801 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
3.1
Share on: