Critical severity9.8NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-0028

Description

A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."

Affected products

Microsoft Corporation/Microsoft ChakraCorev5
Range: Microsoft ChakraCore

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724nvdPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000