Vulnerabilities > CVE-2018-0925 - Out-of-bounds Write vulnerability in Microsoft Chakracore

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

microsoft

CWE-787

NVD

Published: 2018-03-14

Updated: 2020-08-24

Summary

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Chakracore -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0925
http://www.securityfocus.com/bid/103287