Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0567Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write10 documents8 sources
Severity
7.5HIGHNVD
EPSS
89.6%
top 0.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedJan 8
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edge17 versions+16

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

5
GHSA
ChakraCore RCE Vulnerability2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
CVEList
CVE-2019-0567: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scri2019-01-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion2019-01-18

🔍Detection Rules

1
Suricata
ET EXPLOIT Microsoft Edge Chakra - NewScObjectNoCtor InitProtoType Confusion Inbound (CVE-2019-0567)2021-08-25

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2019-01-08

💬Community

1
Bugzilla
CVE-2018-16856 openstack-octavia: Private keys written to world-readable log files2018-11-13
CVE-2019-0567 — Out-of-bounds Write in Microsoft | cvebase