Remote Code Execution (RCE)

2018-10-1106:09:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.097 Low

EPSS

Percentile

94.8%

JSON

Microsoft ChakraCore is susceptible to remote code execution (RCE). The vulnerability exists because of a flaw in the edge bounty program, leading to a loophole for the attack. This vulnerability also affects Microsoft Edge. This CVE is different from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.

CPENameOperatorVersion
microsoft.chakracorele1.11.1
microsoft.chakracorele1.8.5
microsoft.chakracore.vc140le1.11.1
microsoft.chakracore.vc140le1.8.5

Name	Operator	Version
microsoft.chakracore	le	1.11.1
microsoft.chakracore	le	1.8.5
microsoft.chakracore.vc140	le	1.11.1
microsoft.chakracore.vc140	le	1.8.5

References

github.com/Microsoft/ChakraCore/wiki/Roadmap#v

github.com/thomasmo/ChakraCore/commit/aeb0ef0ef7f7459439dcb2a9dc0d3884021fc58d

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503

0.097 Low

EPSS

Percentile

94.8%

JSON

Related for VERACODE:7596