Information Disclosure Vulnerability in Microsoft Chakra Scripting Engine
CVE-2020-0813

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems
Vendor: CVE Published:; 12 March 2020

Summary

An information disclosure vulnerability exists in Microsoft’s Chakra Scripting Engine due to improper handling of memory. An attacker could exploit this flaw by gaining access to sensitive information stored in the memory of an affected system, potentially leading to further compromise of the user's device or data. To successfully exploit this vulnerability, the attacker must know the memory address of the object created, highlighting the risk if unpatched systems are targeted. Microsoft has issued updates to amend the way certain functions manage objects in memory, reinforcing user security and protecting against data exposure.

Affected Version(s)

ChakraCore = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
Nov 4, 2019