ChakraCore is vulnerable to remote code execution (RCE). The vulnerability exists due to a type confusion with DeleteElemI_A
and DeleteElemIStrict_A
, which causes memory corruption and allows a remote attacker to execute arbitrary code in the context of the authenticated user for the process.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.11.7 | |
microsoft.chakracore.vc140 | le | 1.11.7 |