CVE-2019-0911Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.5HIGHNVD
EPSS
4.1%
top 11.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft ChakracoreMicrosoft Internet Explorer 10Microsoft Internet Explorer 11+9 more
Timeline
PublishedMay 16
Latest updateMar 29

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages13 packages

NVDmicrosoft/chakracore< 1.11.9
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/microsoft_edge17 versions+16
CVEListV5microsoft/internet_explorer_10Windows Server 2012

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
OSV
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
CVEList
CVE-2019-0911: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Me2019-05-16

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-05-14
CVE-2019-0911 — Out-of-bounds Write in Microsoft | cvebase