Remote Code Execution in Microsoft Chakra Core JavaScript Engine
CVE-2017-0223

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Chakra Core
Vendor: CVE Published:; 15 May 2017

Summary

A vulnerability in Microsoft’s Chakra Core allows attackers to execute arbitrary code via specially crafted JavaScript. This occurs due to the improper handling of objects in memory, which leads to memory corruption. Exploitation of this vulnerability can allow an attacker to take control of the affected system, posing significant risk to users and organizations. It is crucial to apply available security updates to mitigate potential threats.

Affected Version(s)

Chakra Core

References

https://github.com/Microsoft/ChakraCore/pull/2959

x_refsource_CONFIRM

http://www.securitytracker.com/id/1038425

vdb-entryx_refsource_SECTRACK

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2017
Vulnerability Reserved
Sep 9, 2016