Remote Code Execution in Microsoft Browsers due to Memory Corruption
CVE-2018-8287

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Chakracore
Internet Explorer 11
Microsoft Edge
Internet Explorer 10
Vendor
CVE Published:
11 July 2018

Summary

A remote code execution vulnerability exists in Microsoft browsers due to improper handling of objects in memory by the scripting engine. This flaw can allow an attacker to execute arbitrary code on the affected system, potentially compromising user data and system integrity. Users and administrators are advised to apply patches and updates to mitigate this risk.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 10 Windows Server 2012

Internet Explorer 11 Windows 10 for 32-bit Systems

References

http://www.securitytracker.com/id/1041256
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104634
vdb-entryx_refsource_BID

EPSS Score

49% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.