cbcvebase.
CVE-2018-0837
published 2018-02-15

CVE-2018-0837: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the…

PriorityP268high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
65.86%
99.2th percentile
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

Affected

16 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationinternet_explorer
msrcchakracore
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1703_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1709_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1709_for_x64-based_systems
msrcmicrosoft_edge_on_windows_server_2016

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://www.exploit-db.com/exploits/44081
  • Look for JIT type confusion abuse via 'LdThis' instruction in ChakraCore — the PoC triggers by calling a function with a mismatched 'this' context (an array used as 'this') after a JIT warm-up loop of ~10000 iterations, causing a type confusion between Object and Array types.
  • Detect exploitation attempts via web-based delivery: monitor for Microsoft Edge (HTML-based) navigating to specially crafted websites hosting content designed to trigger scripting engine memory corruption.
  • Monitor for post-exploitation activity: new account creation, program installation, or data modification under the context of the current user, especially if running with administrative rights.
  • ·The vulnerability affects Microsoft Edge (HTML-based) and ChakraCore across multiple Windows 10 versions (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016; scope detection rules accordingly.
  • ·Exploit status at time of advisory was 'Publicly Disclosed: No; Exploited: No' but rated 'Exploitation More Likely' for the latest software release — treat as high-priority patching target.
  • ·A public PoC (EDB-44081) exists for this CVE demonstrating the LdThis type confusion primitive, lowering the bar for weaponization.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa7.5HIGH
osv7.5HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.