CVE-2019-0739Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write7 documents5 sources
Severity
7.5HIGHNVD
EPSS
9.0%
top 7.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft ChakracoreMicrosoft Internet Explorer 10Microsoft Internet Explorer 11+1 more
Timeline
PublishedApr 9
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages5 packages

CVEListV5microsoft/microsoft_edge17 versions+16
NVDmicrosoft/chakracore< 1.11.8
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1124 versions+23

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-c6fx-9m9g-27cf: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine M2022-05-13
CVEList
CVE-2019-0739: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine M2019-04-09

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-04-09

💬Community

3
Bugzilla
CVE-2019-1003030 jenkins-plugin-workflow-cps: Sandbox bypass in Pipeline: Groovy Plugin (SECURITY-1336(2))2019-03-20
Bugzilla
CVE-2019-1003034 jenkins-job-dsl-plugin: Script security sandbox bypass in Job DSL Plugin (SECURITY-1342)2019-03-20
Bugzilla
CVE-2019-1003031 jenkins-matrix-project-plugin: sandbox bypass in matrix project plugin2019-03-18
CVE-2019-0739 — Out-of-bounds Write in Microsoft | cvebase