CVE-2018-0933

HIGH7.5EPSS 77.0%

ChakraCore RCE Vulnerability

發布日:2022/5/13修改日:2024/2/16

描述

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.

受影響套件(1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.8.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0933
PATCHhttps://github.com/chakra-core/ChakraCore
WEBhttps://github.com/chakra-core/ChakraCore/commit/6d5532d867202bc2e1b8b6b8c6f9c1c44a0f5ab8
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933
WEBhttps://web.archive.org/web/20201021051922/http://www.securitytracker.com/id/1040507
WEBhttps://web.archive.org/web/20210124144714/http://www.securityfocus.com/bid/103274
WEBhttps://www.exploit-db.com/exploits/44396