CVE-2019-0567

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Edge
Chakracore
Vendor
CVE Published:
8 January 2019

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 82%

Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.

Affected Version(s)

ChakraCore ChakraCore

Microsoft Edge Windows 10 for 32-bit Systems

Microsoft Edge Windows 10 for x64-based Systems

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-0567-MS-Edge
Created by NatteeSetobol

Chakra-CVE-2019-0567
Created by NatteeSetobol

References

https://www.exploit-db.com/exploits/46203/
exploitx_refsource_EXPLOIT-DB
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106418
vdb-entryx_refsource_BID

EPSS Score

82% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.