Published: 08/08/2017 Updated: 19/03/2019

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 780

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an malicious user to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer 10
microsoft internet_explorer 11
microsoft internet_explorer 9
microsoft edge -

Microsoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew ...

<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=1315 The bytecode generator uses the "EmitNew" function to handle new operators Here's the code how the function checks for integer overflow void EmitNew(ParseNode* pnode, ByteCodeGenerator* byteCodeGenerator, FuncInfo* funcInfo) { Js::ArgSlot argCount = pnode->sxCa ...

<!-- Report by Huang Anwen, He Xiaoxiao of ichunqiu Ker Team The issue could lead a nullptr derefrence besides a stack overflow we metioned previously // ChakraCore-master\lib\Runtime\ByteCode\ByteCodeEmittercpp Js::ArgSlot EmitArgList( ParseNode *pnode, Js::RegSlot rhsLocation, Js::RegSlot thisLocation, Js::RegSlot newTarget ...

<!-- Report by Huang Anwen, He Xiaoxiao of ichunqiu Ker Team This is the HEAP BASED OVERFLOW version of the issue // ChakraCore-master\lib\Runtime\Language\InterpreterStackFramecpp Var InterpreterStackFrame::InterpreterHelper(ScriptFunction* function, ArgumentReader args, void* returnAddress, void* addressOfReturnAddress, const bool isA ...

<!-- Report by Huang Anwen, He Xiaoxiao of ichunqiu Ker Team There is an overflow when constructoring a new object with arguments which has 0xffff elements in Chakra! This issue can be reproduced steadly in uptodate Edge in Win10 WIP //ChakraCore-master\lib\Runtime\ByteCode\ByteCodeEmittercpp void EmitNew(ParseNode* pnode, ByteCodeGenerator* ...

CWE-119 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636 http://www.securitytracker.com/id/1039095 http://www.securitytracker.com/id/1039094 http://www.securityfocus.com/bid/100056 https://www.exploit-db.com/exploits/42478/https://www.exploit-db.com/exploits/42468/https://www.exploit-db.com/exploits/42467/https://www.exploit-db.com/exploits/42466/https://nvd.nist.gov https://packetstormsecurity.com/files/143800/Microsoft-Edge-Chakra-EmitNew-Integer-Overflow.html https://www.exploit-db.com/exploits/42478/

CVE-2017-8636

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect