CVE-2017-11914: ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.9872%
Published: 5/14/2022
Updated: 10/10/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| Microsoft.ChakraCore | nuget | < 1.7.5 | 1.7.5 |

Vulnerability Intelligence
Root Cause Analysis

The root cause is visible in the single-line fix to the `GetPropertyBuiltIns` method, where 'scriptFunction->GetProperty(scriptFunction, ...)' was replaced with 'scriptFunction->GetProperty(this, ...)'. The commit message explicitly states that this fixes CVE-2017-11914 by ensuring the generator function (`this`) is used instead of the internal `scriptFunction`. Exposing the internal `scriptFunction` could allow attackers to access privileged objects, leading to memory corruption and privilege escalation.
