GSA_kwCzR0hTQS05ZjJwLXdtNDYtNm01Zs4AAYHa

High EPSS: 0.76207% (0.98862 Percentile) EPSS:

Permalink JSON

Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

Affected Packages	Affected Versions	Fixed Versions
nuget:Microsoft.ChakraCore PURL: `pkg:nuget/Microsoft.ChakraCore`	< 1.7.4	1.7.4
1 Dependent packages 0 Dependent repositories 1,141,105 Downloads total Affected Version Ranges All affected versions 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3 All unaffected versions 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript null scope object.

This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.

References:

Identifiers

GHSA-9f2p-wm46-6m5f

CVE-2017-11870

Risk

Severity

High

EPSS

EPSS Percentage: 0.76207

EPSS Percentile: 0.98862

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chakra-core/ChakraCore

Date and time

Published

over 3 years ago

Updated

almost 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories