CVE-2018-8373
published 2018-08-15


Priority: P181 high · 7.5 CVSS 3.1
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-04-15
ITW: Exploited in the wild
EPSS: 61.91% (99.1th percentile)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

Affected

14 ranges
Vendor     Product               Version range  Fixed in
microsoft  chakracore            <= 1.10.1
microsoft  chakracore
microsoft  internet_explorer
microsoft  internet_explorer
microsoft  internet_explorer
microsoft  microsoft_edge
microsoft  microsoft_edge
microsoft  microsoft_edge
microsoft  microsoft_edge
microsoft  microsoft_edge
microsoft  microsoft_edge
msrc       internet_explorer_10
msrc       internet_explorer_11
msrc       internet_explorer_9

Detection & IOCs (extracted from sources)

hash: 0d6fe137790e2ebdf4fac2dd500656f3a6f74c0d1598251929ea3558f965675f
filename: vbscript.dll
  • A second exploit variant (spotted September 18, 2018) modifies the SafeMode flag in the VBScript Engine to obtain execution permission from Shell.Application — similar execution pattern to CVE-2014-6332 and CVE-2016-0189. Also decodes a PowerShell payload.
  • CVE-2018-8373 has confirmed active in-the-wild exploitation against Internet Explorer; prioritize patching workstation-class systems used for email or browser access.
  • Internet Explorer 11 on Windows 10 Redstone 3 (RS3) and later is NOT vulnerable because VBScript is disabled by default; exploitation only affects older IE versions where VBScript remains enabled.
  • The second exploit variant (September 2018) does not work on systems with updated Internet Explorer versions.

CVSS provenance

Source       Version  Score  Severity  Vector
nvd          v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd          v2.0     7.6    HIGH      AV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa                  7.5    HIGH
osv                   7.5    HIGH
vulncheck             7.5    HIGH
cisa                  7.5    HIGH
vendor_msrc           6.4    MEDIUM