Improperly Implemented Security Check for Standard

CVE-2017-8637

Medium

5.3/10

Summary

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-358 - Improperly Implemented Security Check for Standard

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References

Release Note
Release Note
Pull request

Advisory Timeline

Published Aug 08, 2017

Improperly Implemented Security Check for Standard

CVE-2017-8637

Summary

CWE-358 - Improperly Implemented Security Check for Standard

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS