KLA10918Multiple ACE vulnerabilities in ChakraCore

2017-12-12T00:00:00
ID KLA10918
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

12/12/2017

Severity:

Warning

Description:

Multiple memory corruption vulnerabilities was found in ChakraCore. Malicious users can exploit these vulnerabilities remotely to execute arbitrary code

Affected products:

ChakraCore

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-11916
CVE-2017-11918
CVE-2017-11893
CVE-2017-11930
CVE-2017-11889
CVE-2017-11912
CVE-2017-11914
CVE-2017-11911
CVE-2017-11919
CVE-2017-11895
CVE-2017-11908
CVE-2017-11894
CVE-2017-11909
CVE-2017-11905
CVE-2017-11910

Impacts:

ACE

Related products:

ChakraCore

CVE-IDS:

CVE-2017-118897.5Warning
CVE-2017-118937.5Warning
CVE-2017-118947.5Warning
CVE-2017-118957.5Warning
CVE-2017-119057.5Warning
CVE-2017-119087.5Warning
CVE-2017-119097.5Warning
CVE-2017-119107.5Warning
CVE-2017-119117.5Warning
CVE-2017-119127.5Warning
CVE-2017-119147.5Warning
CVE-2017-119187.5Warning
CVE-2017-119195.3Warning
CVE-2017-119307.5Warning
CVE-2017-119167.5Warning

Microsoft official advisories: