CVE-2020-0825
Description
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
28.794
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Scripting Engine Memory Corruption Vulnerability for Windows Server 2019 for x64-based Systems (KB4538461) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB4538461) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB4538461) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1903 for x64-based Systems (KB4540673) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1909 for x86-based Systems (KB4540673) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows Server, version 1909 for x64-based Systems (KB4540673) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1909 for x64-based Systems (KB4540673) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1903 for x86-based Systems (KB4540673) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows Server, version 1903 for x64-based Systems (KB4540673) | Windows |
| Multiple vulnerabilities are fixed in Nuget - Microsoft.ChakraCore 1.11.17 | Windows |
| Multiple vulnerabilities are fixed in Nuget - Microsoft.ChakraCore for Linux 1.11.17 | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-28499 | 2020-03 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4538461) |
| PATCH-28500 | 2020-03 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4538461) |
| PATCH-28501 | 2020-03 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4538461) |
| PATCH-28502 | 2020-03 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4540673) |
| PATCH-28503 | 2020-03 Cumulative Update for Windows 10 Version 1909 for x86-based Systems (KB4540673) |
| PATCH-28504 | 2020-03 Cumulative Update for Windows Server, version 1909 for x64-based Systems (KB4540673) |
| PATCH-28505 | 2020-03 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4540673) |
| PATCH-28506 | 2020-03 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4540673) |
| PATCH-28507 | 2020-03 Cumulative Update for Windows Server, version 1903 for x64-based Systems (KB4540673) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234