1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: CVE-2018-0990 Remote Memory Corruption Vulnerability

Web Attack: CVE-2018-0990 Remote Memory Corruption Vulnerability

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

Microsoft ChakraCore is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Additional Information

Chakra is a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. ChakraCore is the core part of Chakra JavaScript engine.

Microsoft ChakraCore is prone to a remote memory-corruption vulnerability. Specifically, this issue occurs because the ChakraCore scripting engine fails to properly handle objects in memory.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Affected

  • Microsoft Edge

Response

Updates are available. Please see the references or vendor advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube