Remote Code Execution Vulnerability in ChakraCore Scripting Engine from Microsoft
CVE-2020-1073

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems
Vendor: CVE Published:; 9 June 2020

Summary

A significant vulnerability has been identified in the ChakraCore scripting engine, where improper handling of objects in memory can lead to remote code execution. This issue can allow an attacker to execute arbitrary code on affected systems, potentially compromising their security. Users of affected versions of ChakraCore are advised to implement security updates to mitigate the risks associated with this vulnerability. For more details, refer to the Microsoft security advisory.

Affected Version(s)

ChakraCore = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Nov 4, 2019