CVE-2018-8457Out-of-bounds Write in Microsoft Internet Explorer 10

CWE-787Out-of-bounds Write11 documents7 sources
Severity
7.5HIGHNVD
EPSS
21.3%
top 4.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Edge+1 more
Timeline
PublishedSep 13
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1118 versions+17
CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-x294-x23v-46vg: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Me2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2018-09-11

🕵️Threat Intelligence

2
Qualys
September 2018 Patch Tuesday – 61 Vulns, FragmentSmack, Hyper-V Escape2018-09-11
Qualys
Sept 2018 Patch Tuesday | Qualys2018-09-11
CVE-2018-8457 — Out-of-bounds Write in Microsoft | cvebase