Lucene search
K

15 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 12:19 a.m.33 views

Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript nu...

7.6CVSS6.9AI score0.59642EPSS
Exploits3References8Affected Software1
OSV
OSV
added 2022/05/17 12:19 a.m.34 views

GHSA-9F2P-WM46-6M5F Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript nu...

7.5CVSS7.5AI score0.59642EPSS
Exploits3References8
Github Security Blog
Github Security Blog
added 2022/05/17 12:19 a.m.30 views

Chakra Core vulnerable to privilege escalation due to reading an invalid pointer

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". When trying to get...

7.6CVSS7AI score0.07979EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2017/11/15 3:29 a.m.22 views

Memory corruption

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.24 views

Memory corruption

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.26 views

Memory corruption

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.33 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique fr...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.21 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References3
Prion
Prion
added 2017/11/15 3:29 a.m.29 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current...

7.6CVSS7.5AI score0.69802EPSS
Exploits19References4Affected Software1
Prion
Prion
added 2017/11/15 3:29 a.m.27 views

Memory corruption

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID ...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.26 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.28 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique fr...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References3
Prion
Prion
added 2017/11/15 3:29 a.m.20 views

Memory corruption

Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID i...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
CVE
CVE
added 2017/11/15 3:0 a.m.105 views

CVE-2017-11836

Technical details for CVE-2017-11836 are not publicly available in the provided documents. Monitor for updates from ChakraCore/Microsoft advisories and related CVEs for disclosure status and fixes.

7.6CVSS7.4AI score0.07979EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder