EUVD-2017-17571

Malware in sbrugna...

ChakraCore information disclosure vulnerability

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability"...

November 10, 2020-KB4585208 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

November 10, 2020-KB4585208 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: November 10, 2020 Version: .NET Framework 4.8 Note On Jan 12, 2020, a live revision was made to this update to remove its supersedence relationship with the October 13, 2020, .NET...

March 10, 2020—KB4540705 (OS Build 15063.2313)

March 10, 2020—KB4540705 OS Build 15063.2313 Current status of Windows 10, version 1703 Windows 10, version 1703 has reached end of service for all editions. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10 . Surface Hub devices...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This happens because it skips the nullptr check for funcInfo-GetParsedFunctionBody-GetByteCode, causing memory corruption.This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799,...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This happens because it allows redeferral of a called function in CrossSite.cpp, leading to a RCE. This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799,...

Remote Code Execution (RCE) Via Memory Corruption

microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...

CVE-2018-0937

ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930,...

Information disclosure

ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891...

CVE-2018-0856

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-083...

CVE-2018-0743

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability"...

CVE-2018-0751

CVE-2018-0751 is a Windows Kernel API elevation-of-privilege vulnerability affecting Windows family (kernel API permission handling). The connected records reference the CVE as a Windows kernel issue and show related exploitation listings (e.g., exploit-db entries linked in CIRCL). No explicit pr...

CVE-2017-11889

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...

CVE-2017-11918

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is...

CVE-2017-11845

Summary (CVE-2017-11845) : Microsoft Edge in Windows 10 version 1703 is affected by a memory corruption vulnerability in how Edge handles objects in memory, enabling remote code execution in the context of the current user when a user visits a crafted webpage. The issue is a remote exploit vector...

CVE-2017-11845

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability"...

CVE-2017-11806

ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792,...

CVE-2017-11816

The Microsoft Windows Graphics Device Interface GDI on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the wa...

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792,...

CVE-2017-11807

Technical details for CVE-2017-11807 are not publicly provided in the supplied documents. The connected advisories cover ChakraCore RCE/memory corruption generically but do not specify affected product versions, root cause, or fixes for this CVE. Monitor for updates.