| CVE ID | CVE-2017-0015 |
| CVSS SCORE | 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N |
| AFFECTED VENDORS |
Microsoft |
| AFFECTED PRODUCTS |
Windows |
| VULNERABILITY DETAILS |
The specific flaw exists within the processing of the JavaScript spread operator as implemented in chakra.dll. By performing actions in JavaScript, an attacker can trigger access to memory prior to initialization. An attacker can leverage this vulnerability to disclose sensitive information under the context of the current process. |
| ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/en-us/library/security/ms17-007.aspx |
| DISCLOSURE TIMELINE |
|
| CREDIT | Simon Zuckerbraun - Trend Micro Zero Day Initiative |
