Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

GHSA-9f2p-wm46-6m5f · CVE-2017-11870

Published May 17, 2022 · Modified Feb 19, 2024

Description

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript null scope object.

This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-11870
WEB https://github.com/chakra-core/ChakraCore/pull/4226
WEB https://github.com/chakra-core/ChakraCore/commit/b44ee8300ae03026d3c39cdbbfd32d410ac187f6
PACKAGE https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11870
WEB https://web.archive.org/web/20210516131515/http://www.securityfocus.com/bid/101731
WEB https://web.archive.org/web/20210517135249/http://www.securitytracker.com/id/1039780
WEB https://www.exploit-db.com/exploits/43182

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes