Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0934Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write48 documents10 sources
Severity
7.5HIGHNVD
EPSS
85.3%
top 0.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Chakracore
Timeline
PublishedMar 14
Latest updateMay 13

Description

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

27
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

💥Exploits & PoCs

2
Exploit-DB
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1)2018-04-03
Exploit-DB
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)2018-04-03

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2018-03-13

🕵️Threat Intelligence

8
Trendmicro
March Patch Tuesday Fixes 75 Security Issues2018-03-14
Trendmicro
March Patch Tuesday Fixes 75 Security Issues2018-03-14
Trendmicro
March Patch Tuesday Fixes 75 Security Issues2018-03-14
Trendmicro
March Patch Tuesday Fixes 75 Security Issues2018-03-14
Trendmicro
March Patch Tuesday Fixes 75 Security Issues2018-03-14

📄Research Papers

1
arXiv
Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer2020-01-14
CVE-2018-0934 — Out-of-bounds Write in Microsoft | cvebase