Miggo Logo

CVE-2017-11909: ChakraCore vulnerable to remote code execution

7.5

CVSS Score
3.0

Basic Information

EPSS Score
0.98752%
Published
5/14/2022
Updated
10/10/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.7.51.7.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The GitHub patch explicitly modifies this function to add a branch instruction (Br) to maintain control flow coherence. The CVE description directly attributes the vulnerability to this function's failure to handle branches/control flow after loop removal. The commit message and exploit analysis confirm this was the root cause of memory corruption.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

***kr**or* *n* Win*ows ** ****, ****, ****, ****, *n* Win*ows S*rv*r **** *llows *n *tt**k*r to *x**ut* *r*itr*ry *o** in t** *ont*xt o* t** *urr*nt us*r, *u* to *ow t** s*riptin* *n*in* **n*l*s o*j**ts in m*mory, *k* "S*riptin* *n*in* M*mory *orrupt

Reasoning

T** *it*u* p*t** *xpli*itly mo*i*i*s t*is `*un*tion` to *** * *r*n** instru*tion (*r) to m*int*in *ontrol *low *o**r*n**. T** *V* **s*ription *ir**tly *ttri*ut*s t** vuln*r**ility to t*is `*un*tion`'s **ilur* to **n*l* *r*n***s/*ontrol *low **t*r loo