
CVE-2019-0567: ChakraCore RCE Vulnerability

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.99681%
Published: 5/13/2022
Updated: 9/28/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.11.5
First Patched Version: 1.11.5

Vulnerability Intelligence
Miggo AI Root Cause Analysis

  1. The GitHub patch specifically adds handling for NewScObjectNoCtor/InitProto opcodes in ProcessFieldKills
  2. Exploit PoCs directly use these opcodes to trigger type confusion
  3. CWE-787 (OOB write) manifests via incorrect type assumptions during JIT optimization
  4. The missing KillObjectHeaderInlinedTypeSyms call left inconsistent type tracking
  5. Microsoft's advisory explicitly calls out 'Type confusion via NewScObjectNoCtor or InitProto' in the commit message


WAF Protection Rules

WAF Rule

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
