CVE-2018-0858 - ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects

CVE-2018-0858

Summary

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	102865
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0858
sectrack	1040372

Last major update

24-08-2020 - 17:37

Published

15-02-2018 - 02:29

Last modified

24-08-2020 - 17:37