HTTP: Microsoft Edge DoLoopBodyStart Out of Bounds Read

An out-of-bounds read vulnerability exists in Microsoft Edge. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page or document. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Extended Description

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.

Affected Products

Microsoft chakracore

Short Name
HTTP:STC:IE:MS-EDGE-OOB-READ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Bounds CVE-2017-11811 DoLoopBodyStart Edge Microsoft Out Read of
Release Date
11/03/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3795
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.6

Found a potential security threat?