cnvd - cnvd-2017-34446

cnvd-2017-34446

Vulnerability from cnvd

Title: Microsoft Internet Explorer脚本引擎信息泄露漏洞（CNVD-2017-34446）

Description:

Internet Explorer（IE）是一款Windows操作系统附带的Web浏览器。scripting engines是其中的一个JavaScript引擎组件。

Microsoft Windows中的IE 9、10和11版本中scripting引擎存在信息泄露漏洞，该漏洞源于程序未能正确的处理内存中的对象。攻击者可利用该漏洞获取信息。

Severity: 中

Patch Name: Microsoft Internet Explorer脚本引擎信息泄露漏洞（CNVD-2017-34446）的补丁

Patch Description:

Internet Explorer（IE）是一款Windows操作系统附带的Web浏览器。scripting engines是其中的一个JavaScript引擎组件。

Microsoft Windows中的IE 9、10和11版本中scripting引擎存在信息泄露漏洞，该漏洞源于程序未能正确的处理内存中的对象。攻击者可利用该漏洞获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834

Reference: http://technet.microsoft.com/security/bulletin/November 2017 Security Updates http://www.securityfocus.com/bid/101725

Impacted products

Name
['Microsoft Internet Explorer 10', 'Microsoft Internet Explorer 9', 'Microsoft Internet Explorer 11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11834"
    }
  },
  "description": "Internet Explorer\uff08IE\uff09\u662f\u4e00\u6b3eWindows\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002scripting engines\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows\u4e2d\u7684IE 9\u300110\u548c11\u7248\u672c\u4e2dscripting\u5f15\u64ce\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "Hui Gao of Palo Alto Networks",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34446",
  "openTime": "2017-11-17",
  "patchDescription": "Internet Explorer\uff08IE\uff09\u662f\u4e00\u6b3eWindows\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002scripting engines\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows\u4e2d\u7684IE 9\u300110\u548c11\u7248\u672c\u4e2dscripting\u5f15\u64ce\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Internet Explorer\u811a\u672c\u5f15\u64ce\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-34446\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Internet Explorer 10",
      "Microsoft Internet Explorer 9",
      "Microsoft Internet Explorer  11"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/November 2017 Security Updates\r\nhttp://www.securityfocus.com/bid/101725",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-16",
  "title": "Microsoft Internet Explorer\u811a\u672c\u5f15\u64ce\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-34446\uff09"
}

CVE-2017-11834 (GCVE-0-2017-11834)

Vulnerability from cvelistv5

Published

2017-11-15 03:00

Modified

2024-09-16 18:49

Severity ?

CWE

Information Disclosure

Summary

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1039796	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/101725	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Internet Explorer	Version: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:39.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039796",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039796"
          },
          {
            "name": "101725",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101725"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Internet Explorer",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
            }
          ]
        }
      ],
      "datePublic": "2017-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11791."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-15T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1039796",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039796"
        },
        {
          "name": "101725",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101725"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-11-14T00:00:00",
          "ID": "CVE-2017-11834",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Internet Explorer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11791."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039796",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039796"
            },
            {
              "name": "101725",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101725"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-11834",
    "datePublished": "2017-11-15T03:00:00Z",
    "dateReserved": "2017-07-31T00:00:00",
    "dateUpdated": "2024-09-16T18:49:21.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted