High severity7.5NVD Advisory· Published Dec 12, 2017· Updated May 13, 2026

CVE-2017-11909

Description

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.ChakraCoreNuGet	< 1.7.5	1.7.5

Affected products

Microsoft/Chakracore
cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*
Range: <1.7.5
Microsoft/Edge
cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
Microsoft Corporation/ChakraCore, Microsoft Edgev5
Range: Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016.

Patches

0e4566a4c394

[CVE-2017-11909] JIT: BackwardPass::RemoveEmptyLoopAfterMemOp doesn't insert branches / make break control flow - Google, Inc.

https://github.com/chakra-core/ChakraCoreMichael FerrisOct 26, 2017via ghsa

commit

1 file changed · +8 −0

lib/Backend/BackwardPass.cpp+8 −0 modified

@@ -7853,6 +7853,14 @@ BackwardPass::RemoveEmptyLoopAfterMemOp(Loop *loop)
 
     outerBlock->RemovePred(head, this->func->m_fg);
     landingPad->RemoveSucc(head, this->func->m_fg);
+    Assert(landingPad->GetSuccList()->Count() == 0);
+
+    IR::Instr* firstOuterInstr = outerBlock->GetFirstInstr();
+    AssertOrFailFast(firstOuterInstr->IsLabelInstr() && !landingPad->GetLastInstr()->EndsBasicBlock());
+    IR::LabelInstr* label = firstOuterInstr->AsLabelInstr();
+    // Add br to Outer block to keep coherence between branches and flow graph
+    IR::BranchInstr *outerBr = IR::BranchInstr::New(Js::OpCode::Br, label, this->func);
+    landingPad->InsertAfter(outerBr);
     this->func->m_fg->AddEdge(landingPad, outerBlock);
 
     this->func->m_fg->RemoveBlock(head, nullptr);

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11909nvdPatchVendor AdvisoryWEB
www.exploit-db.com/exploits/43467/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/102085nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039990nvdThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-9qpf-v72j-j9qhghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-11909ghsaADVISORY
github.com/chakra-core/ChakraCore/commit/0e4566a4c394cb69834719704a05aa17101ae3f5ghsaWEB
github.com/chakra-core/ChakraCore/pull/4411ghsaWEB
web.archive.org/web/20210124122714/http://www.securityfocus.com/bid/102085ghsaWEB
web.archive.org/web/20210829201729/http://www.securitytracker.com/id/1039990ghsaWEB
www.exploit-db.com/exploits/43467ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.059
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000