GoogleOSV:GHSA-WW6F-76FF-PHHJChakraCore RCE Vulnerability
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.”
References
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
github.com/chakra-core/ChakraCore
github.com/chakra-core/ChakraCore/commit/ff9067ebe9e1c92eff4e25da95070bfd5942da07
nvd.nist.gov/vuln/detail/CVE-2016-3202
web.archive.org/web/20211129115034/www.securitytracker.com/id/1036099
web.archive.org/web/20211208124350/www.securitytracker.com/id/1036096
Related
