Vulnerabilities > CVE-2018-0774 - Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Microsoft Edge Chakra - Incorrect Scope Handling. CVE-2018-0774. Dos exploit for Windows platform |
file | exploits/windows/dos/43715.js |
id | EDB-ID:43715 |
last seen | 2018-01-24 |
modified | 2018-01-17 |
platform | windows |
port | |
published | 2018-01-17 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43715/ |
title | Microsoft Edge Chakra - Incorrect Scope Handling |
type | dos |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS18_JAN_4056892.NASL |
description | The remote Windows host is missing security update 4056892 or 4073291. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0767, CVE-2018-0780, CVE-2018-0800) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0766) - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0781) - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0745, CVE-2018-0746, CVE-2018-0747) - An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0743) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 105550 |
published | 2018-01-04 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/105550 |
title | KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/145951/GS20180118040452.txt |
id | PACKETSTORM:145951 |
last seen | 2018-01-18 |
published | 2018-01-17 |
reporter | Google Security Research |
source | https://packetstormsecurity.com/files/145951/Microsoft-Edge-Chakra-Incorrect-Scope-Handling.html |
title | Microsoft Edge Chakra Incorrect Scope Handling |
Seebug
bulletinFamily | exploit |
description | PoC: ``` (function func(arg = function () { print(func); // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function. }()) { print(func); function func() { } })(); ``` Chakra fails to distinguish whether the function is referenced in the param scope and ends up to emit an invalid opcode. |
id | SSV:97095 |
last seen | 2018-01-22 |
modified | 2018-01-22 |
published | 2018-01-22 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-97095 |
title | Microsoft Edge: Chakra: Incorrect scope handling(CVE-2018-0774) |