Remote Code Execution Vulnerability in Microsoft ChakraCore
CVE-2020-0825

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 1809 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1809 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1809 For Arm64-based Systems
Vendor: CVE Published:; 12 March 2020

Summary

The remote code execution vulnerability in the ChakraCore scripting engine arises from improper handling of objects in memory. An attacker can exploit this flaw to execute arbitrary code on the target system. This could potentially allow the attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. It is crucial for users to apply relevant patches and updates to mitigate this risk.

Affected Version(s)

ChakraCore = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
Nov 4, 2019