CVE-2019-1217Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write10 documents6 sources
Severity
7.5HIGHNVD
EPSS
4.5%
top 10.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft ChakracoreMicrosoft Edge ON Windows 10 Version 1803 FOR 32-bit SystemsMicrosoft Edge ON Windows 10 Version 1803 FOR Arm64-based Systems+8 more
Timeline
PublishedSep 11
Latest updateMar 29

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages12 packages

NVDmicrosoft/chakracore< 1.11.13
CVEListV5microsoft/chakracoreunspecified

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
OSV
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29

💥Exploits & PoCs

1
Exploit-DB
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH)2019-10-31

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2019-09-10
CVE-2019-1217 — Out-of-bounds Write in Microsoft | cvebase