What is the severity of CVE-2019-0861?

CVE-2019-0861 is classified as a critical remote code execution vulnerability.

How do I fix CVE-2019-0861?

To mitigate CVE-2019-0861, users should update Microsoft Edge or Microsoft ChakraCore to the latest version that patches this vulnerability.

What products are affected by CVE-2019-0861?

CVE-2019-0861 primarily affects Microsoft Edge and versions of Microsoft ChakraCore prior to 1.11.8.

Is CVE-2019-0861 exploitable remotely?

Yes, CVE-2019-0861 can be exploited remotely if the user visits a malicious website.

Are there any alternative mitigations for CVE-2019-0861?

While updating is the primary mitigation for CVE-2019-0861, users can also consider disabling scripting features in the browser as an alternative.

Vulnerability/
CVE-2019-0861

high

7.6

CWE

787

9/4/2019

13/5/2022

4/8/2024

CVE-2019-0861

First published: Tue Apr 09 2019(Updated: )

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
nuget/Microsoft.ChakraCore	<1.11.8	1.11.8
Microsoft Edge
Microsoft Windows 10
Microsoft Windows 10	=1607
Microsoft Windows 10	=1703
Microsoft Windows 10	=1709
Microsoft Windows 10	=1803
Microsoft Windows 10	=1809
Microsoft Windows Server 2016
Microsoft Windows Server 2016	=1709
Microsoft Windows Server 2016	=1803
Microsoft Windows Server 2019
Microsoft ChakraCore	<1.11.8

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0861

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-0861?
CVE-2019-0861 is classified as a critical remote code execution vulnerability.
How do I fix CVE-2019-0861?
To mitigate CVE-2019-0861, users should update Microsoft Edge or Microsoft ChakraCore to the latest version that patches this vulnerability.
What products are affected by CVE-2019-0861?
CVE-2019-0861 primarily affects Microsoft Edge and versions of Microsoft ChakraCore prior to 1.11.8.
Is CVE-2019-0861 exploitable remotely?
Yes, CVE-2019-0861 can be exploited remotely if the user visits a malicious website.
Are there any alternative mitigations for CVE-2019-0861?
While updating is the primary mitigation for CVE-2019-0861, users can also consider disabling scripting features in the browser as an alternative.

collector/github-advisory-latest
alias/GHSA-qxmj-3c5h-546c
alias/CVE-2019-0861
collector/github-advisory
agent/author
agent/type
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/remedy
agent/references
agent/weakness
agent/description
collector/nvd-cve
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
package-manager/nuget
vendor/microsoft
canonical/microsoft edge
canonical/microsoft windows 10
version/microsoft windows 10/1607
version/microsoft windows 10/1703
version/microsoft windows 10/1709
version/microsoft windows 10/1803
version/microsoft windows 10/1809
canonical/microsoft windows server 2016
version/microsoft windows server 2016/1709
version/microsoft windows server 2016/1803
canonical/microsoft windows server 2019
canonical/microsoft chakracore

Frequently Asked Questions

What is the severity of CVE-2019-0861?
CVE-2019-0861 is classified as a critical remote code execution vulnerability.
How do I fix CVE-2019-0861?
To mitigate CVE-2019-0861, users should update Microsoft Edge or Microsoft ChakraCore to the latest version that patches this vulnerability.
What products are affected by CVE-2019-0861?
CVE-2019-0861 primarily affects Microsoft Edge and versions of Microsoft ChakraCore prior to 1.11.8.
Is CVE-2019-0861 exploitable remotely?
Yes, CVE-2019-0861 can be exploited remotely if the user visits a malicious website.
Are there any alternative mitigations for CVE-2019-0861?
While updating is the primary mitigation for CVE-2019-0861, users can also consider disabling scripting features in the browser as an alternative.

CVE-2019-0861

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-0861?

How do I fix CVE-2019-0861?

What products are affected by CVE-2019-0861?

Is CVE-2019-0861 exploitable remotely?

Are there any alternative mitigations for CVE-2019-0861?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-0861?

How do I fix CVE-2019-0861?

What products are affected by CVE-2019-0861?

Is CVE-2019-0861 exploitable remotely?

Are there any alternative mitigations for CVE-2019-0861?