microsoft.chakracore is vulnerable to remote code execution. This happens because it performs an invalid stack restore in Parse.h
when destructuring is used. This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. This vulnerability also affects Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.7.4 | |
microsoft.chakracore.vc140 | le | 1.7.4 |