microsoft.chakracore is vulnerable to remote code execution. This happens because it does have correct GenerateBailOut
calling patterns during compilation, causing memory corruption.This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. This vulnerability also affects Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.7.2 | |
microsoft.chakracore.vc140 | le | 1.7.2 |