Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2020-1172

Опубликовано: 08 сент. 2020
Источник: msrc
CVSS3: 4.2
EPSS Низкий

Описание

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.

Обновления

ПродуктСтатьяОбновление
ChakraCore
Release Notes
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems
4571756
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems
4571756
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems
4571756
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems
4577032
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems
4577032
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems
4577032
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems
4570333
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems
4570333
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems
4570333
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 83%
0.02046
Низкий

4.2 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-1172

CVSS3: 4.2
nvd
почти 5 лет назад

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>

github логотип

GHSA-xxfr-jrgh-x392

CVSS3: 7.5
github
около 4 лет назад

Remote code execution in ChakraCore

fstec логотип

BDU:2020-04438

CVSS3: 7.5
fstec
почти 5 лет назад

Уязвимость обработчика JavaScript-сценариев ChakraCore браузера Microsoft Edge, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 83%
0.02046
Низкий

4.2 Medium

CVSS3