CVE-2018-8509
published 2018-10-10CVE-2018-8509: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability."…
PriorityP345high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
13.13%
95.9th percentile
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| msrc | microsoft_edge_on_windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1803_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mw9g-9q6h-rwwq: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8473 [HIGH] CWE-787 GHSA-mw9g-9q6h-rwwq: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.
GHSA
GHSA-w489-v44g-vvrq: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8509 [HIGH] CWE-787 GHSA-w489-v44g-vvrq: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerab
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.
Microsoft
Microsoft Edge Memory Corruption Vulnerability
vendor_msrc·2018-10-09·CVSS 4.2
CVE-2018-8509 [HIGH] Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
blogs_talos·2018-10-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and one that’s rated as “low.”
The advisories cover bugs in the Chakra scripting engine, the Microsoft Edge internet browser and the Microsoft Office suite of products, among other software.
This update also includes a critical advisory that covers updates to the Microsoft Office suite of products.
Please visit the SNORTⓇ blog here if you would like to know more about the coverage we have for these vulnerabilities.
Critical vulnerabilities
Microsoft has disclosed 12 critical vulnerabilities this mont
Talos
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
blogs_talos·2018-10-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated "critical," 34 that are rated "important,” two that are considered to have “moderate” severity and one that’s rated as “low.”
The advisories cover bugs in the Chakra scripting engine, the Microsoft Edge internet browser and the Microsoft Office suite of products, among other software.
This update also includes a critical advisory that covers updates to the Microsoft Office suite of products .
Please visit the SNORTⓇ blog here if you would like to know more about the coverage we have for these vulnerabilities.
http://www.securityfocus.com/bid/105462http://www.securitytracker.com/id/1041825https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8509http://www.securityfocus.com/bid/105462http://www.securitytracker.com/id/1041825https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8509
2018-10-10
Published