Memory Corruption Vulnerability in Microsoft Scripting Engine

 

Systems Affected


ChakraCore
Microsoft Edge (EdgeHTML-based) for
  ✻  Windows 10 for 32-bit Systems and x64-based Systems
  ✻  Windows 10 version 1607 for 32-bit Systems and x64-based Systems
  ✻  Windows 10 version 1709 for 32-bit Systems, ARM64-based Systems and x64-based Systems
  ✻  Windows 10 version 1803 for 32-bit Systems, ARM64-based Systems and x64-based Systems
  ✻  Windows 10 version 1809 for 32-bit Systems, ARM64-based Systems and x64-based Systems
  ✻  Windows 10 version 1903 for 32-bit Systems, ARM64-based Systems and x64-based Systems
  ✻  Windows 10 version 1909 for 32-bit Systems, ARM64-based Systems and x64-based Systems
  ✻  Windows Server 2016
  ✻  Windows Server 2019

Threat Level


Medium


Overview


A vulnerability resides in the Microsoft scripting engine that could allow an attacker to perform remote code execution with the privileges of the current user.


Description


The vulnerability exists in the Chakra scripting engine because of the ineffective way it handles objects in memory. A remote attacker could exploit this vulnerability to execute arbitrary code as the current user, which means the attacker could gain the same user privileges as the currently logged-in user. If the user is logged in with administrator privileges, an attacker could do more damage to the system.


Impact


  ✻  Possibility of exposing confidential information to unauthorized parties
  ✻  System could be infected with malware


Solution/Workarounds


  ✻  Apply appropriate patches as mentioned in the Microsoft Security Guidance
   https://portal.msrc.microsoft.com/en-us/security-guidance


References


  ✻  https://www.cert-in.org.in
  ✻  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1073


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.