Remote Code Execution Vulnerability in Microsoft Chakra Core JavaScript Engine
CVE-2017-0252

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Chakra Core
Vendor: CVE Published:; 15 May 2017

Summary

A vulnerability exists in Microsoft Chakra Core, where improper handling of objects in memory during JavaScript rendering can lead to remote code execution. This flaw allows attackers to execute arbitrary code on affected systems, thereby escalating privileges and potentially compromising sensitive data. System administrators should prioritize patching affected versions and implementing robust security measures to mitigate risks.

Affected Version(s)

Chakra Core

References

https://github.com/Microsoft/ChakraCore/pull/2959

x_refsource_CONFIRM

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2017
Vulnerability Reserved
Sep 9, 2016