CVE-2018-8128Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read49 documents8 sources
Severity
7.5HIGHNVD
EPSS
22.7%
top 4.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft ChakracoreMicrosoft Internet Explorer 10Microsoft Internet Explorer 11+3 more
Timeline
PublishedMay 9
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages7 packages

CVEListV5microsoft/microsoft_edge11 versions+10
CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

34
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
GHSA-62p4-hcq9-29cq: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine M2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
GHSA-73gm-rwrw-qwv2: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine M2022-05-13

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2018-05-08

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - May 20182018-05-08
Talos
Microsoft Patch Tuesday - May 20182018-05-08
CVE-2018-8128 — Out-of-bounds Write in Microsoft | cvebase