漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Scripting Engine Memory Corruption Vulnerability
Vulnerability Description
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Microsoft ChakraCore 缓冲区错误漏洞
Vulnerability Description
Microsoft ChakraCore是美国微软(Microsoft)公司的使用在Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分,也可作为单独的JavaScript引擎使用。 Microsoft ChakraCore 中存在缓冲区错误漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。攻击者可利用此漏洞可控制受影响的系统。以下产品及版本受到影响: ChakraCore版本, Microsoft Edge版本。
CVSS Information
N/A
Vulnerability Type
N/A