CVE-2019-0609Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds WriteCWE-190Integer Overflow or Wraparound9 documents5 sources
Severity
7.5HIGHNVD
EPSS
6.0%
top 9.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft ChakracoreMicrosoft Internet Explorer 10Microsoft Internet Explorer 11+2 more
Timeline
PublishedApr 8
Latest updateApr 9

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages6 packages

NVDmicrosoft/chakracore< 1.11.7
CVEListV5microsoft/chakracoreWindows Server 2019
CVEListV5microsoft/microsoft_edge16 versions+15
CVEListV5microsoft/internet_explorer_10Windows Server 2012

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
OSV
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-03-12
CVE-2019-0609 — Out-of-bounds Write in Microsoft | cvebase