CVE-2017-11808: Scripting Engine Memory Corruption Vulnerability Key Information: Release Date: October 10, 2017 Vulnerability Type: Security Vulnerability Assigning CNA: Microsoft Executive Summary: Vulnerability Description: - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft Edge (HTML-based). - The vulnerability can corrupt memory, allowing an attacker to execute arbitrary code in the context of the current user. - If the current user is logged in with administrative user rights, an attacker could gain control of the affected system. - An attacker could install programs, view, change, or delete data, or create new accounts with full user rights. - In a web-based attack scenario, an attacker could host a specially crafted website that exploits the vulnerability through Microsoft Edge (HTML-based) and convince a user to view the website. Mitigation: - The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. Exploitability: Publicly Disclosed: No Exploited: No Exploitability Assessment: Exploitation More Likely