Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8552Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer 10

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.5HIGHNVD
EPSS
56.3%
top 1.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9+1 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1
CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1124 versions+23

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-5f59-wq77-4wm6: An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with inf2022-05-13
CVEList
CVE-2018-8552: An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with inf2018-11-14

💥Exploits & PoCs

1
Exploit-DB
VBScript - 'rtFilter' Out-of-Bounds Read2018-11-30

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2018-11-13
CVE-2018-8552 — Microsoft vulnerability | cvebase