CVE-2018-8473Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write4 documents4 sources
Severity
7.5HIGHNVD
EPSS
28.2%
top 3.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedOct 10
Latest updateMay 13

Description

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft/microsoft_edge8 versions+7
CVEListV5microsoft/chakracoreChakraCore

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-mw9g-9q6h-rwwq: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab2022-05-13
CVEList
CVE-2018-8473: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab2018-10-10

📋Vendor Advisories

1
Microsoft
Microsoft Edge Memory Corruption Vulnerability2018-10-09
CVE-2018-8473 — Out-of-bounds Write in Microsoft | cvebase