CVE-2018-0781 — Out-of-bounds Write in Microsoft Chakracore

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.5HIGHNVD

EPSS

24.4%

top 3.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Chakracore Microsoft Corporation Microsoft Edge

Timeline

PublishedJan 4

Latest updateMay 13

Description

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5microsoft_corporation/microsoft_edgeWindows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

▶NVDmicrosoft/chakracore< 1.7.6

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c827-8pxg-p942: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the↗2022-05-13

▶

CVEList

CVE-2018-0781: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the↗2018-01-04

▶

💥Exploits & PoCs

Exploit-DB

LineageOS 14.1 Blueborne - Remote Code Execution↗2018-04-06

▶

📋Vendor Advisories

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2018-01-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶