KLA11264
Multiple vulnerabilities in Microsoft ChakraCore
Updated: 07/05/2018
CVSS
?
7.5
Detect date
?
06/12/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft ChakraCore. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An incorrect handling of objects in memory of Chakra scripting engine can be exploited locally via unspecified attack vector to execute arbitrary code;
  2. Memory corruption vulnerability in ChakraCore scripting engine can be exploited locally via unspecified attack vector to execute arbitrary code.
Affected products

ChakraCore

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8227
CVE-2018-8229
CVE-2018-8243

Impacts
?
ACE 
[?]
CVE-IDS
?

CVE-2018-8243
CVE-2018-8229
CVE-2018-8227

Microsoft official advisories
CVE-2018-8227
CVE-2018-8229
CVE-2018-8243