microsoft.chakracore is vulnerable to remote code execution. This happens because it skips the nullptr
check for funcInfo->GetParsedFunctionBody()->GetByteCode()
, causing memory corruption.This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. This also affects Microsoft Edge in Windows 10 1703.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.7.2 | |
microsoft.chakracore.vc140 | le | 1.7.2 |