Lucene search

GoogleOSV:GHSA-Q6MV-8VH9-4GGJ

HistoryMay 14, 2022 - 2:24 a.m.

ChakraCore RCE Vulnerability

2022-05-1402:24:16

Google

osv.dev

8.8 High

AI Score

Confidence

High

0.154 Low

EPSS

Percentile

95.9%

JSON

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3259.

CPENameOperatorVersion
microsoft.chakracoreeq1.2.0

CPE	Name	Operator	Version
	microsoft.chakracore	eq	1.2.0

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085

github.com/chakra-core/ChakraCore

github.com/chakra-core/ChakraCore/wiki/Roadmap

nvd.nist.gov/vuln/detail/CVE-2016-3248

web.archive.org/web/20210125172707/www.securityfocus.com/bid/91578

web.archive.org/web/20211202003833/www.securitytracker.com/id/1036283