Vulnerabilities > CVE-2020-0813 - Unspecified vulnerability in Microsoft Chakracore and Edge

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

NVD

Published: 2020-03-12

Updated: 2021-07-21

Summary

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the userâ€™s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Chakracore - Microsoft Edge -	2
OS	Microsoft Microsoft Windows 10 1709 Microsoft Windows 10 1803 Microsoft Windows 10 1809 Microsoft Windows 10 1903 Microsoft Windows 10 1909 Microsoft Windows Server 2019 -	6

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813