ChakraCore RCE Vulnerability

GHSA-399v-jg88-3gx6 · CVE-2018-0856

Published May 13, 2022 · Modified Feb 16, 2024

Description

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-0856
WEB https://github.com/chakra-core/ChakraCore/commit/385af842bce4f94ddef98553a81f8ea99c7e2dcf
PACKAGE https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0856
WEB https://web.archive.org/web/20210125205300/http://www.securityfocus.com/bid/102880
WEB https://web.archive.org/web/20211208072939/http://www.securitytracker.com/id/1040372

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes