CVE-2019-0916

CWE-787Out-of-bounds Write18 documents6 sources
Severity
7.5HIGH
EPSS
4.7%
top 10.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft ChakracoreMicrosoft Microsoft EdgeMicrosoft Microsoft Edge ON Windows 10 Version 1903 FOR 32-bit Systems+2 more
Timeline
PublishedMay 16
Latest updateMay 25

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages7 packages

NVDmicrosoft/chakracore< 1.11.9
NuGetMicrosoft.ChakraCore< 1.11.9
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/microsoft_edge17 versions+16

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

15
GHSA
Out-of-bounds write2021-03-29
OSV
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29

💥Exploits & PoCs

1
Exploit-DB
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)2023-05-25

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2019-05-14
CVE-2019-0916 (HIGH CVSS 7.5) | A remote code execution vulnerabili | cvebase.io