Lucene search

K

GoogleOSV:GHSA-67F9-QMG7-FMCQ

HistoryMay 13, 2022 - 1:18 a.m.

ChakraCore RCE Vulnerability

2022-05-1301:18:35

Google

osv.dev

16

chakracore

microsoft edge

windows 10

windows server 2016

remote code execution

memory corruption

cve-2018-0872

EPSS

0.948

Percentile

99.3%

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.

References

github.com/chakra-core/ChakraCore

github.com/chakra-core/ChakraCore/commit/7087c314a67631a0a3094bc2f741991ee10f5b5a

nvd.nist.gov/vuln/detail/CVE-2018-0874

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0874

web.archive.org/web/20201021051922/www.securitytracker.com/id/1040507

web.archive.org/web/20210124144659/www.securityfocus.com/bid/103269

EPSS

0.948

Percentile

99.3%

Related for OSV:GHSA-67F9-QMG7-FMCQ

prion9 cvelist9 nvd9 cve9 osv10 github9 veracode3 zdt2 exploitdb2 kaspersky1 mscve9 symantec9 checkpoint_advisories5 packetstorm2 nessus5 openvas4 mskb5 threatpost1 trendmicroblog1 talosblog1