Vulnerabilities > CVE-2020-0811 - Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

microsoft

CWE-787

NVD

Published: 2020-03-12

Updated: 2021-07-21

Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Chakracore - Microsoft Edge -	2
OS	Microsoft Microsoft Windows 10 1709 Microsoft Windows 10 1803 Microsoft Windows 10 1809 Microsoft Windows 10 1903 Microsoft Windows 10 1909 Microsoft Windows Server 2019 -	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

The Hacker News

id	THN:3D9F7E987C17A81C15F0745D108233C7
last seen	2020-03-11
modified	2020-03-11
published	2020-03-11
reporter	The Hacker News
source	https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html
title	Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811