CVE-2018-0925 - ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects

CVE-2018-0925

Summary

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.

References

http://www.securityfocus.com/bid/103287
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0925

Vulnerable Configurations

cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	103287
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0925

Last major update

24-08-2020 - 17:37

Published

14-03-2018 - 17:29

Last modified

24-08-2020 - 17:37