CVE-2020-1172: Scripting Engine Memory Corruption Vulnerability
First published: Fri Sep 11 2020(Updated: )
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <1.11.22 | ||
| All of | ||
| Any of | ||
| =1607 | ||
| =1709 | ||
| =1803 | ||
| =1809 | ||
| =1903 | ||
| =1909 | ||
| =2004 | ||
| Microsoft ChakraCore | <1.11.22 | |
| Microsoft Edge | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 10 | =2004 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-1172?
CVE-2020-1172 is a remote code execution vulnerability in the ChakraCore scripting engine.
What is the severity of CVE-2020-1172?
CVE-2020-1172 has a severity score of 7.5, which is considered high.
Which software is affected by CVE-2020-1172?
The affected software includes Microsoft ChakraCore, Microsoft Edge, and certain versions of Microsoft Windows 10 and Microsoft Windows Server 2016/2019.
How does CVE-2020-1172 exploit work?
CVE-2020-1172 exploits a memory corruption vulnerability in the ChakraCore scripting engine to execute remote code.
How can I protect myself from CVE-2020-1172?
To protect yourself from CVE-2020-1172, apply the security updates provided by Microsoft.
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/author
- agent/softwarecombine
- agent/description
- agent/weakness
- agent/remedy
- agent/references
- agent/title
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft chakracore
- canonical/microsoft edge
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- version/microsoft windows 10/2004
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019