Lucene search
K

12 matches found

Veracode
Veracode
added 2018/07/05 1:17 a.m.7 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to a type confusion in GlobOpt::OptTagChecks when the function IsLoopPrePass is used, which could cause memory corruption and allow an attacker to execute code in the context of the current user. This CVE is caused by an...

7.5CVSS8.2AI score0.80799EPSS
Exploits29References6Affected Software2
seebug.org
seebug.org
added 2017/12/04 12:0 a.m.45 views

Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly(CVE-2017-11840)

There's one more place that emits a BailOnNotObject opcode. Here's a snippet of GlobOpt::OptTagChecks. if valueType.CanBeTaggedValue && !valueType.HasBeenNumber && this-IsLoopPrePass || !this-currentBlock-loop ValueType newValueType = valueType.SetCanBeTaggedValuefalse; // Split out the tag check...

7.6CVSS7.4AI score0.59642EPSS
Exploits3
0day.today
0day.today
added 2017/11/26 12:0 a.m.57 views

Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly CVE-2017-11840 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode...

7.6CVSS7.5AI score0.59642EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/11/25 12:0 a.m.45 views

Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration

Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly CVE-2017-11840 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode. Here's a snippet of GlobOpt::OptTagChecks. if...

0.2AI score0.59642EPSS
Exploits3
Prion
Prion
added 2017/11/15 3:29 a.m.22 views

Memory corruption

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.24 views

Memory corruption

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.26 views

Memory corruption

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
Prion
Prion
added 2017/11/15 3:29 a.m.21 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References3
Prion
Prion
added 2017/11/15 3:29 a.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current...

7.6CVSS7.5AI score0.69802EPSS
Exploits19References4Affected Software1
Prion
Prion
added 2017/11/15 3:29 a.m.27 views

Memory corruption

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID ...

7.6CVSS7.3AI score0.69802EPSS
Exploits19References4
CVE
CVE
added 2017/11/15 3:0 a.m.108 views

CVE-2017-11840

CVE-2017-11840 αφορά ChakraCore/Microsoft Edge en Windows 10 (Gold/1511/1607/1703/1709) y Windows Server 2016/Server 1709. El fallo proviene de cómo el motor de scripting maneja objetos en la memoria, generando una corrupción de memoria que posibilita que un atacante obtenga los mismos privilegio...

7.6CVSS7.5AI score0.59642EPSS
Exploits3References4Affected Software2
Check Point Advisories
Check Point Advisories
added 2017/11/14 12:0 a.m.6 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11840)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.5AI score0.59642EPSS
Exploits3
Rows per page
Query Builder