CVE-2017-11874: Code Injection

November 15, 2017 (updated October 3, 2019)

Microsoft Edge in Microsoft Windows, Windows Server, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.

References

www.securityfocus.com/bid/101750
www.securitytracker.com/id/1039801
nvd.nist.gov/vuln/detail/CVE-2017-11874
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874

Code Behaviors & Features

Detect and mitigate CVE-2017-11874 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →