Remote Code Execution (RCE)

2018-07-1106:54:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.064 Low

EPSS

Percentile

93.7%

JSON

microsoft.chakracore is vulnerable to remote code execution (RCE) attacks. The vulnerability exists in CrossSite::CommonThunk of lib/Runtime/Base/CrossSite.cpp where the Chakra scripting engine handles objects in memory insecurely, causing a Chakra Scripting Engine Memory Corruption vulnerability.

CPENameOperatorVersion
microsoft.chakracorele1.10.0
microsoft.chakracore.vc140le1.10.0

CPE	Name	Operator	Version
	microsoft.chakracore	le	1.10.0
	microsoft.chakracore.vc140	le	1.10.0

References

github.com/Microsoft/ChakraCore/commit/7af07fdfb3cf3ac2b21dd71bf565ab1135e62d4d

github.com/Microsoft/ChakraCore/pull/5444

github.com/Microsoft/ChakraCore/wiki/Roadmap#v1101

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8294

0.064 Low

EPSS

Percentile

93.7%

JSON

Related for VERACODE:7019