CVE-2019-1298: Detailed Vulnerability Analysis and Overview

CVE-2019-1298 Vulnerability Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300.

CVE-2019-1298: Detailed Information and External References

EPSS

0.02130

EPSS %

0.89534

References

0.02130

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1298

CWE

CWE-787

Vulnerable Configurations

• cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.2.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.4.4:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.6.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.6.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.6.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.3:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.4:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.4:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.5:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.7.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.7.6:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.8.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.8.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.8.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.8.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.8.3:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.8.3:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.8.4:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.8.4:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.8.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.8.5:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.10.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.10.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.10.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.10.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.10.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.10.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.0:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.1:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.2:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.3:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.3:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.4:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.4:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.5:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.6:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.7:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.8:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.8:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.9:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.9:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.10:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.10:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.11:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.11:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:chakracore:1.11.12:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:chakracore:1.11.12:*:*:*:*:*:*:*

CVSS3 Source

nvd@nist.gov

CVSS3 Type

Primary

CVSS3 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H