CVE-2019-0769

CWE-787Out-of-bounds WriteCWE-190Integer Overflow9 documents5 sources
Severity
7.5HIGH
EPSS
6.8%
top 8.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Microsoft Edge
Timeline
PublishedApr 9

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/microsoft_edge17 versions+16
NVDmicrosoft/chakracore< 1.11.7
NuGetMicrosoft.ChakraCore< 1.11.7
CVEListV5microsoft/chakracoreunspecified

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
CVEList
CVE-2019-0769: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine M2019-04-09
OSV
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09
GHSA
High severity vulnerability that affects Microsoft.ChakraCore2019-04-09

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-03-12
CVE-2019-0769 (HIGH CVSS 7.5) | A remote code execution vulnerabili | cvebase.io