KLA11264
Multiple vulnerabilities in Microsoft ChakraCore
Обновлено: 03/06/2019
Дата обнаружения
12/06/2018
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Microsoft ChakraCore. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An incorrect handling of objects in memory of Chakra scripting engine can be exploited locally via unspecified attack vector to execute arbitrary code;
  2. Memory corruption vulnerability in ChakraCore scripting engine can be exploited locally via unspecified attack vector to execute arbitrary code.
Пораженные продукты

ChakraCore

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-8227
CVE-2018-8229
CVE-2018-8243
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Связанные продукты
ChakraCore
CVE-IDS
CVE-2018-82277.5Critical
CVE-2018-82297.5Critical
CVE-2018-82437.5Critical
Microsoft official advisories
Microsoft Security Update Guide