CVE-2018-8491
published 2018-10-10CVE-2018-8491: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption…
PriorityP347high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
13.13%
95.9th percentile
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| msrc | internet_explorer_11 | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8c55-35jf-p84p: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8491 [HIGH] CWE-787 GHSA-8c55-35jf-p84p: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.
GHSA
GHSA-6437-4hgj-m435: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8460 [HIGH] CWE-787 GHSA-6437-4hgj-m435: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491.
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2018-10-09·CVSS 7.5
CVE-2018-8491 [HIGH] Internet Explorer Memory Corruption Vulnerability
Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to vie
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday Fixes JET Database Engine, Win32K bugs
blogs_trendmicro·2018-10-10·CVSS 7.8
CVE-2018-8423 [HIGH] Patch Tuesday Fixes JET Database Engine, Win32K bugs
Exploits y vulnerabilidades
## Patch Tuesday Fixes JET Database Engine, Win32K bugs
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
By: Trend Micro Oct 10, 2018 Read time: ( words)
Save to Folio
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability ( CVE-2018-8423 ) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that would
Trendmicro
Patch Tuesday Fixes JET Database Engine, Win32K bugs
blogs_trendmicro·2018-10-10·CVSS 7.8
CVE-2018-8423 [HIGH] Patch Tuesday Fixes JET Database Engine, Win32K bugs
Exploits & Vulnerabilities
# Patch Tuesday Fixes JET Database Engine, Win32K bugs
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
By: Trend Micro
2018/10/10
Read time: ( words)
Save to Folio
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that would then
Trendmicro
Patch Tuesday Fixes JET Database Engine, Win32K bugs
blogs_trendmicro·2018-10-10·CVSS 7.8
CVE-2018-8423 [HIGH] Patch Tuesday Fixes JET Database Engine, Win32K bugs
Exploits & Vulnerabilities
## Patch Tuesday Fixes JET Database Engine, Win32K bugs
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
By: Trend Micro Oct 10, 2018 Read time: ( words)
Save to Folio
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability ( CVE-2018-8423 ) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that would t
Trendmicro
Patch Tuesday Fixes JET Database Engine, Win32K bugs
blogs_trendmicro·2018-10-10·CVSS 7.8
CVE-2018-8423 [HIGH] Patch Tuesday Fixes JET Database Engine, Win32K bugs
Exploits & Vulnerabilities
## Patch Tuesday Fixes JET Database Engine, Win32K bugs
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
By: Trend Micro 2018/10/10 Read time: ( words)
Save to Folio
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability ( CVE-2018-8423 ) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that would the
Trendmicro
Patch Tuesday Fixes JET Database Engine, Win32K bugs
blogs_trendmicro·2018-10-10·CVSS 7.8
CVE-2018-8423 [HIGH] Patch Tuesday Fixes JET Database Engine, Win32K bugs
Ausnutzung von Schwachstellen
## Patch Tuesday Fixes JET Database Engine, Win32K bugs
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
By: Trend Micro Oct 10, 2018 Read time: ( words)
Save to Folio
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability ( CVE-2018-8423 ) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that woul
Talos
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
blogs_talos·2018-10-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and one that’s rated as “low.”
The advisories cover bugs in the Chakra scripting engine, the Microsoft Edge internet browser and the Microsoft Office suite of products, among other software.
This update also includes a critical advisory that covers updates to the Microsoft Office suite of products.
Please visit the SNORTⓇ blog here if you would like to know more about the coverage we have for these vulnerabilities.
Critical vulnerabilities
Microsoft has disclosed 12 critical vulnerabilities this mont
Talos
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
blogs_talos·2018-10-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and one that’s rated as “low.”
The advisories cover bugs in the Chakra scripting engine, the Microsoft Edge internet browser and the Microsoft Office suite of products, among other software.
This update also includes a critical advisory that covers updates to the Microsoft Office suite of products .
Please visit the SNORTⓇ blog here if you would like to know more about the coverage we have for these vulnerabilities.
Zscaler
Security Advisory – October 09, 2018
blogs_zscaler·CVSS 9.3
[CRITICAL] Security Advisory – October 09, 2018
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/105454http://www.securitytracker.com/id/1041841https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491http://www.securityfocus.com/bid/105454http://www.securitytracker.com/id/1041841https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491
2018-10-10
Published