Fwd: [CIVN-2020-0437] Chakra Scripting Engine Memory Corruption Vulnerability

1 year ago 70

Severity Rating: HIGH

Systems Affected

Microsoft Edge

Overview

A remote code execution vulnerability have been reported in Microsoft Edge

and ChakraCore scripting engine which could be exploited by an

unauthenticated remote attacker to execute arbitrary code on a targeted

system.

Description

This remote code execution vulnerabilities exist in Microsoft Edge and

ChakraCore scripting engine due to improper handling of memory objects. An

attacker could exploit this vulnerability by creating a specially crafted

web page and lure the user into viewing the webpage. 

Successful exploitation of this vulnerability could allow a remote attacker

to execute arbitrary code on targeted system.

Solution

Apply appropriate patch as mentioned in Microsoft Security Guidance 

Vendor Information

Microsoft

References

Microsoft

CVE Name

CVE-2020-17131

About Cert Advisory

Related Posts

Read Entire Article