CVE-2018-8464Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Edge

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
7.5HIGHNVD
EPSS
65.1%
top 1.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Edge
Timeline
PublishedSep 13
Latest updateMay 13

Description

An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-66vq-rf8q-mmgq: An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code2022-05-13
CVEList
CVE-2018-8464: An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code2018-09-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge PDF Remote Code Execution Vulnerability2018-09-11

🕵️Threat Intelligence

8
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug2018-09-12
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug2018-09-12
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug2018-09-12
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug2018-09-12
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug2018-09-12
CVE-2018-8464 — Microsoft Edge vulnerability | cvebase