CVE-2017-8520

EUVD-2017-17470
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
microsoftedge
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1703 (x64, x86)
KB4022725
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98924
http://www.securitytracker.com/id/1038661
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8520
http://www.securityfocus.com/bid/98924
http://www.securitytracker.com/id/1038661
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8520