CVE-2018-0993Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write38 documents9 sources
Severity
7.5HIGHNVD
EPSS
22.7%
top 4.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedApr 12
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

21
OSV
ChakraCore RCE Vulnerability2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2018-04-10

🕵️Threat Intelligence

8
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11

💬Community

1
Bugzilla
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.32018-01-29
CVE-2018-0993 — Out-of-bounds Write in Microsoft | cvebase