ChakraCore Vulnerability: Control Flow Guard Bypass and Arbitrary Code Execution

ChakraCore Vulnerability: Control Flow Guard Bypass and Arbitrary Code Execution

CVE-2018-0818 · HIGH Severity

AV:N/AC:M/AU:S/C:C/I:C/A:C

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".

Learn more about our Web Application Penetration Testing UK.