CVE-2018-0818 — Corporation Chakracore vulnerability

7 documents6 sources

Severity

7.5HIGHNVD

EPSS

27.3%

top 3.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Chakracore

Timeline

PublishedJan 10

Latest updateMay 13

Description

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5microsoft_corporation/chakracoreChakraCore

🔴Vulnerability Details

GHSA

ChakraCore RCE Vulnerability↗2022-05-13

▶

OSV

ChakraCore RCE Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-0818: Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target↗2018-01-10

▶

📋Vendor Advisories

Microsoft

Scripting Engine Security Feature Bypass Vulnerability↗2018-01-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶