Remote Code Execution Vulnerability in Microsoft ChakraCore Scripting Engine
CVE-2020-0828

7.5HIGH

What is CVE-2020-0828?

An issue has been identified within the ChakraCore scripting engine, which can lead to potential remote code execution by corrupting object memory handling. This vulnerability can be exploited when a user opens a specially crafted file or visits a malicious website designed to execute payloads through the scripting engine. As a result, attackers could gain the same user rights as the logged-in user, leading to unauthorized actions and system manipulation. Applying the latest security updates from Microsoft is crucial to mitigate this vulnerability.

Affected Version(s)

ChakraCore = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems = unspecified

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.