Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2018-8355

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Chakracore
Internet Explorer 11
Microsoft Edge
Vendor
CVE Published:
15 August 2018

Summary

A vulnerability exists in Microsoft browsers' scripting engine, which can lead to remote code execution if an attacker manages to trick a user into executing maliciously crafted scripts. This vulnerability specifically pertains to how the scripting engine processes objects in memory, potentially allowing an attacker to execute arbitrary code on a victim's system. Exploitation of this flaw may enable attackers to gain elevated privileges and access sensitive user data.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 11 Windows 10 for 32-bit Systems

Internet Explorer 11 Windows 10 for x64-based Systems

References

http://www.securitytracker.com/id/1041457
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104978
vdb-entryx_refsource_BID

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.