CVE-2019-1023Sensitive Information Exposure in Microsoft Chakracore

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
12.4%
top 6.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedJun 12
Latest updateMay 24

Description

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5microsoft/microsoft_edge1.0..0publication
CVEListV5microsoft/chakracore< publication
NVDmicrosoft/chakracore< 1.11.10

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vvjq-jmj5-8cj7: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting2022-05-24
CVEList
Scripting Engine Information Disclosure Vulnerability2019-06-12

💥Exploits & PoCs

1
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free2019-05-21

📋Vendor Advisories

1
Microsoft
Scripting Engine Information Disclosure Vulnerability2019-06-11
CVE-2019-1023 — Sensitive Information Exposure | cvebase