Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8353Use After Free in Microsoft Internet Explorer

CWE-416Use After FreeCWE-787Out-of-bounds Write11 documents6 sources
Severity
7.5HIGHNVD
EPSS
81.4%
top 0.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft ChakracoreMicrosoft EdgeMicrosoft Internet Explorer
Timeline
PublishedAug 15
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edge6 versions+5

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

8
GHSA
GHSA-r7hq-ppp5-wmmx: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free2018-08-28

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2018-08-14
CVE-2018-8353 — Use After Free in Microsoft | cvebase