Remote Code Execution Vulnerability in ChakraCore Scripting Engine from Microsoft
CVE-2020-1065

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems
Vendor: CVE Published:; 21 May 2020

Summary

A remote code execution vulnerability exists in the ChakraCore scripting engine, which could allow attackers to corrupt memory handling of objects. Exploitation of this vulnerability may enable unauthorized access to sensitive data or systems.

Affected Version(s)

ChakraCore = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2020
Vulnerability Reserved
Nov 4, 2019