Remote Code Execution Vulnerability in ChakraCore Scripting Engine by Microsoft
CVE-2020-0970

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems
Vendor: CVE Published:; 15 April 2020

Summary

A remote code execution vulnerability arises in the ChakraCore scripting engine due to improper handling of objects in memory. Attackers can exploit this flaw to execute arbitrary code, leading to potential unauthorized access and control over affected systems. This vulnerability highlights the importance of timely software updates and security measures to protect against exploitation.

Affected Version(s)

ChakraCore = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Nov 4, 2019