cvelist/2017/11xxx/CVE-2017-11767.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "secure@microsoft.com",
      "DATE_PUBLIC" : "2017-09-14T00:00:00",
      "ID" : "CVE-2017-11767",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "ChakraCore",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "ChakraCore"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Microsoft Corporation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Remote Code Execution"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",
            "refsource" : "CONFIRM",
            "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"
         },
         {
            "name" : "100838",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/100838"
         },
         {
            "name" : "1039369",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1039369"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
- Added submission from Microsoft from 2017-11-02. 2017-11-02 14:19:47 -04:00			`"ASSIGNER" : "secure@microsoft.com",`
			`"DATE_PUBLIC" : "2017-09-14T00:00:00",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-11767",`
- Added submission from Microsoft from 2017-11-02. 2017-11-02 14:19:47 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "ChakraCore",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "ChakraCore"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Microsoft Corporation"`
			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submission from Microsoft from 2017-11-02. 2017-11-02 14:19:47 -04:00			`"value" : "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Remote Code Execution"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767",`
			`"refsource" : "CONFIRM",`
- Added submission from Microsoft from 2017-11-02. 2017-11-02 14:19:47 -04:00			`"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767"`
- Synchronized data. 2017-11-03 06:03:49 -04:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "100838",`
			`"refsource" : "BID",`
- Synchronized data. 2017-11-03 06:03:49 -04:00			`"url" : "http://www.securityfocus.com/bid/100838"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "1039369",`
			`"refsource" : "SECTRACK",`
- Synchronized data. 2017-11-03 06:03:49 -04:00			`"url" : "http://www.securitytracker.com/id/1039369"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`