Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS03MzVmLW14N2gtNDZ3OM4AAX8S

ChakraCore vulnerable to remote code execution due to insufficient InlineCache check

ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". An insufficient InlineCache check can lead to type confusion, which could potentially allow for remote code execution.

This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

Permalink: https://github.com/advisories/GHSA-735f-mx7h-46w8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03MzVmLW14N2gtNDZ3OM4AAX8S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 7 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-735f-mx7h-46w8, CVE-2017-11910
References:

• https://nvd.nist.gov/vuln/detail/CVE-2017-11910
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11910
• https://github.com/chakra-core/ChakraCore/pull/4411
• https://github.com/chakra-core/ChakraCore/commit/40232a443c6316a58941572b0a4776b0677975ca
• https://web.archive.org/web/20210124122716/http://www.securityfocus.com/bid/102086
• https://web.archive.org/web/20210829201729/http://www.securitytracker.com/id/1039990
• https://github.com/advisories/GHSA-735f-mx7h-46w8

Repository: https://github.com/chakra-core/ChakraCore
Blast Radius: 1.0

Affected Packages