cbcvebase.
CVE-2018-0978
published 2018-06-14

CVE-2018-0978: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption…

PriorityP274high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
14.74%
96.3th percentile
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.

Affected

13 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer_11
microsoftinternet_explorer_11
microsoftinternet_explorer_11
microsoftinternet_explorer_11
microsoftinternet_explorer_11
microsoftinternet_explorer_11
microsoftinternet_explorer_11
msrcinternet_explorer_10
msrcinternet_explorer_11
msrcinternet_explorer_9

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered when Internet Explorer improperly accesses objects in memory via a specially crafted website; monitor for IE11 process memory corruption events
  • Attack vector is web-based; attacker hosts or compromises a website to serve malicious content to IE users — monitor for suspicious IE11 navigations to newly registered or low-reputation domains
  • Initial delivery may be via email or instant message lures, or malicious email attachments — monitor for IE11 launching from email clients or document readers
  • Scope is limited to Internet Explorer 11; ensure detection rules target iexplore.exe process specifically
  • ·Exploit status at time of advisory was not publicly disclosed or actively exploited, reducing immediate urgency but not eliminating risk
  • ·CVE-2018-0978 is a distinct vulnerability from CVE-2018-8249 despite both being IE Memory Corruption RCEs — do not conflate detection signatures between the two

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc2.4LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.