Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2020-0970

Опубликовано: 14 апр. 2020
Источник: msrc
CVSS3: 4.2
EPSS Средний

Описание

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.

Обновления

ПродуктСтатьяОбновление
ChakraCore
Release Notes
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems
4550922
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems
4550922
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems
4550922
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems
4549949
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems
4549949
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems
4549949
Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2019
4549949
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems
4549951
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems
4549951
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

DOS

N/A

EPSS

Процентиль: 97%
0.38317
Средний

4.2 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-0970

CVSS3: 7.5
nvd
больше 5 лет назад

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.

github логотип

GHSA-233h-59m2-qqf2

CVSS3: 7.5
github
около 3 лет назад

ChakraCore Remote Code Execution Vulnerability

fstec логотип

BDU:2020-02139

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость обработчика JavaScript-сценариев ChakraCore браузера Microsoft Edge, связанная с ошибками обработки объектов в памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 97%
0.38317
Средний

4.2 Medium

CVSS3