Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8467Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write33 documents10 sources
Severity
7.5HIGHNVD
EPSS
79.3%
top 0.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedSep 13
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

12
OSV
ChakraCore RCE Vulnerability2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge Chakra JIT - Type Confusion2018-10-09

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2018-09-11

🕵️Threat Intelligence

15
Fortinet
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-85872018-12-16
Fortinet
Exploiting an RCE bug in the UDP Protocol implemented in FreeRTOS2018-12-04
Fortinet
Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities2018-11-13
Fortinet
An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)2018-10-19
Fortinet
Microsoft JET Database Engine Code Execution Vulnerability2018-09-14
CVE-2018-8467 — Out-of-bounds Write in Microsoft | cvebase