6 matches found
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to uninitialized memory of SpreadArgs in InterpreterStackFrame.cpp which would allow a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0010,...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to the assignment of function number using parse node index, which would allow a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0010, CVE-2017-0015,...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to a lack of conversion checks after calls to IsConcatSpreadable which would allow a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different CVE-2017-0010, CVE-2017-0015,...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to a type confusion bug when converting src operand on store to a typed array, which would allow a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0010, CVE-2017-0015, CVE-2017-0032,...
CVE-2017-0010
The connected advisory CPAI-2018-0053 confirms CVE-2017-0134 as a remote code execution in Microsoft Edge’s scripting engine, caused by memory handling of in-memory objects. The vulnerability involves memory corruption that could allow an attacker to execute arbitrary code with the current user’s...