CVE-2019-1300Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write11 documents7 sources
Severity
7.5HIGHNVD
EPSS
3.8%
top 11.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
21
Microsoft ChakracoreMicrosoft Edge ON Windows 10 FOR 32-bit SystemsMicrosoft Edge ON Windows 10 FOR X64-based Systems+18 more
Timeline
PublishedSep 11
Latest updateMar 29

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages22 packages

NVDmicrosoft/chakracore< 1.11.13
CVEListV5microsoft/chakracoreunspecified

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
OSV
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29

💥Exploits & PoCs

1
Exploit-DB
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection2019-03-26

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2019-09-10
CVE-2019-1300 — Out-of-bounds Write in Microsoft | cvebase