漏洞标题
Chakra 脚本引擎内存破坏性漏洞
漏洞描述信息
一种远程代码执行漏洞存在于Microsoft Edge中,Chakra脚本引擎在内存中处理对象的方式,称为“Chakra脚本引擎内存损坏漏洞”。此CVE ID不同于CVE-2019-1131、CVE-2019-1139、CVE-2019-1140、CVE-2019-1141、CVE-2019-1196和CVE-2019-1197。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Chakra Scripting Engine Memory Corruption Vulnerability
漏洞描述信息
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Microsoft Edge和ChakraCore 缓冲区错误漏洞
漏洞描述信息
Microsoft ChakraCore和Microsoft Edge都是美国微软(Microsoft)公司的产品。ChakraCore是使用在Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分,也可作为单独的JavaScript引擎使用。Microsoft Edge是一款Windows 10之后版本系统附带的Web浏览器。 Microsoft ChakraCore和Microsoft Edge中存在远程代码执行漏洞。攻击者可利用该漏洞在当前用户的上下文中执行任意代码,损坏内存
CVSS信息
N/A
漏洞类别
缓冲区错误