VYPR
High severity7.5NVD Advisory· Published Dec 12, 2017· Updated Jun 17, 2026

CVE-2017-11911

CVE-2017-11911

Description

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.ChakraCoreNuGet
< 1.7.51.7.5

Affected products

4
  • cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*
    Range: <1.7.5
  • cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.7.5
  • Microsoft Corporation/ChakraCore, Microsoft Edgev5
    Range: ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016.

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.