Remote Code Execution (RCE)

2019-04-1101:54:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.043 Low

EPSS

Percentile

92.4%

JSON

ChakraCore is vulnerable to remote code execution (RCE). The vulnerability exists due to a type confusion with DeleteElemI_A and DeleteElemIStrict_A, which causes memory corruption and allows a remote attacker to execute arbitrary code in the context of the authenticated user for the process.

CPENameOperatorVersion
microsoft.chakracorele1.11.7
microsoft.chakracore.vc140le1.11.7

CPE	Name	Operator	Version
	microsoft.chakracore	le	1.11.7
	microsoft.chakracore.vc140	le	1.11.7

References

github.com/Microsoft/ChakraCore/pull/6087

github.com/Microsoft/ChakraCore/wiki/Roadmap#v1118

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0810

www.zerodayinitiative.com/advisories/ZDI-19-361/

0.043 Low

EPSS

Percentile

92.4%

JSON

Related for VERACODE:13627