14 matches found
ChakraCore RCE Vulnerability
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...
Microsoft Edge: Chakra: JavascriptGeneratorFunction::GetPropertyBuiltIns exposes scriptFunction(CVE-2017-11914)
Here's a snippet of the method. bool JavascriptGeneratorFunction::GetPropertyBuiltInsVar originalInstance, PropertyId propertyId, Var value, PropertyValueInfo info, ScriptContext requestContext, BOOL result if propertyId == PropertyIds::length ... int len = 0; Var varLength; if...
Microsoft Edge Chakra JavascriptGeneratorFunction::GetPropertyBuiltIns Exposure
Microsoft Edge: Chakra: JavascriptGeneratorFunction::GetPropertyBuiltIns exposes scriptFunction CVE-2017-11914 Here's a snippet of the method. bool JavascriptGeneratorFunction::GetPropertyBuiltInsVar originalInstance, PropertyId propertyId, Var value, PropertyValueInfo info, ScriptContext...
CVE-2017-11914
creationtimestamp| type| source ---|---|--- 2018-01-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43713...
Memory corruption
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...
Memory corruption
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...
Memory corruption
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer...
Memory corruption
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...
Memory corruption
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...
Memory corruption
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...
Memory corruption
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the sam...
CVE-2017-11914
CVE-2017-11914 concerns a memory handling issue in the ChakraCore scripting engine used by ChakraCore and Microsoft Edge on Windows 10 (versions 1511, 1607, 1703, 1709) and Windows Server 2016. The root cause is described as how the scripting engine handles objects in memory, leading to a memory ...
KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update
The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11914)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge improperly accesses objects in memory. Successful exploitation of this vulnerability can achieve Remote Code Execution...