Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0775Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write8 documents7 sources
Severity
7.5HIGHNVD
EPSS
74.0%
top 1.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ChakracoreMicrosoft Corporation Microsoft Edge
Timeline
PublishedJan 4
Latest updateMay 13

Description

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft_corporation/microsoft_edgeWindows 10 1709

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-xcmg-9w5x-w5m2: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han2022-05-13
CVEList
CVE-2018-0775: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han2018-01-04

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)2018-01-17

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2018-01-09

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Zscaler
Zscaler found Multiple Security Vulnerabilities | 01-09-2018
CVE-2018-0775 — Out-of-bounds Write in Microsoft | cvebase