CVE-2017-0235 — ChakraCore RCE Vulnerability

Description

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.

How to fix CVE-2017-0235

To remediate CVE-2017-0235, upgrade the affected package to a fixed version below.

—upgrade to 1.4.4 or later

Is CVE-2017-0235 being exploited?

Moderate — EPSS is 27.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 1.4.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-0235
PATCHgithub.com/chakra-core/ChakraCore
WEBgithub.com/chakra-core/ChakraCore/commit/f022afb8246acc98e74a887bb655ac512caf6e72
WEBgithub.com/chakra-core/ChakraCore/pull/2959