High severity8.1NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-0152

Description

A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."

Affected products

Microsoft Corporation/Microsoft ChakraCorev5
Range: Microsoft ChakraCore

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Microsoft/ChakraCore/commit/9da019424601325a6e95e6be0fa03d7d21d0b517nvdIssue TrackingPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000