What is CVE-2020-1057?

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.

How severe is CVE-2020-1057?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-1057?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2020-1057

HIGH Year: 2020

CVSS v3 Score

8.1

High

CVSS v2 Score

9.3

Critical

Weakness Type

CWE-787

View all →

Vulnerability Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.

CVE-2012-0754

HIGH

CVSS:8.1(High)

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attack...

CWE-7872012

CVE-2016-2371

HIGH

CVSS:8.1(High)

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

CWE-7872016

CVE-2017-2780

HIGH

CVSS:8.1(High)

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflo...

CWE-7872017

CVE-2017-2781

HIGH

CVSS:8.1(High)

CWE-7872017

CVE-2018-5210

HIGH

CVSS:8.1(High)

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to...

CWE-7872018

CVE-2019-11516

HIGH

CVSS:8.1(High)

An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-base...

CWE-7872019

CVE-2020-1057

Vulnerability Description

Related Vulnerabilities

CVE-2012-0754

CVE-2016-2371

CVE-2017-2780

CVE-2017-2781

CVE-2018-5210

CVE-2019-11516