CVE-2018-8653
Published: 2018-12-20
Priority P279 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-05-03
Exploited in the wild (ITW)
EPSS: 29.82% (98.0th percentile)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2018-8653 was being actively exploited in targeted attacks at time of patch release; multiple exploit kits incorporated publicly released PoC code — prioritize detection on systems running IE 9, 10, and 11.
- Spear phishing via email or social media is the primary delivery mechanism to lure users to exploit pages; correlate suspicious IE launches from email clients or social media links.
- Affects all versions of IE (9, 10, 11) across a wide range of Windows OS versions; scope of affected systems is broad.
- Attacker gains the same privilege level as the logged-in user, including full admin rights if the user is an administrator — highest impact on non-standard-user configurations.
CVSS provenance
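| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.5 | HIGH | |
| cisa | | 7.5 | HIGH | |
| vendor_msrc | | 6.4 | MEDIUM | |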
GHSA
GHSA-hxxf-h94r-73mv: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8653 [HIGH] CWE-787 GHSA-hxxf-h94r-73mv: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
project_zero·2020-07-01
CVE-2016-5195 Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
Posted by Maddie Stone, Project Zero
In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. In conjunction with this blog post, we are also publishing another blog post today about our root cause analysis work that informed the conclusions in this Year in Review. We are also releasing 8 root cause analyses that we have done for in-the-wild 0-days from 2019.
When I had the idea for this “Year in Review” blog post, I immedi
VulnCheck
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
vulncheck·2018·CVSS 7.5
CVE-2018-8653 [HIGH] CWE-787 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2018-Dec; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://dl.acm.org/doi/pdf/10.1145/3465481.3465758; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
Project0
Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript
project_zero·CVSS 7.5
CVE-2020-0674 [HIGH] Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript
# CVE-2020-0674: Internet Explorer use-after-free in JScript
*Maddie Stone, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 11 February 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
**Affected Versions:** For Windows 10 1903/1909, [KB4528760](https://support.microsoft.com/en-us/help/4528760) and previous
**First Patched Version:** For Windows 10 1903/1909, [KB4532693](https://support.microsoft.com/en-us/help/4532693/windows-10-update-kb4532693)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Yi Huang([@C0rk1_H](https://twitter.com/C0
Project0
Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
project_zero·CVSS 7.8
CVE-2020-1380 [HIGH] Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
# CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
*Maddie Stone & Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-24)*
## The Basics
**Disclosure or Patch Date:** 11 August 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
**Affected Versions:** For Windows 10 2004, [KB4565503](https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503) and previous
**First Patched Version:** For Windows 10 2004, [KB4566782](https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Boris Larin (
Project0
Project Zero RCA: CVE-2019-1367: Internet Explorer JScript use-after-free
project_zero·CVSS 7.5
CVE-2019-1367 [HIGH] Project Zero RCA: CVE-2019-1367: Internet Explorer JScript use-after-free
# CVE-2019-1367: Internet Explorer JScript use-after-free
*Maddie Stone & Ivan Fratric, Project Zero & Clément Lecigne, Google's Threat Analysis Group (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-07-27)*
## The Basics
**Disclosure or Patch Date:** 23 September 2019
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
**Affected Versions:** For Windows 10 1903, [KB4515384](https://support.microsoft.com/en-us/help/4515384) and previous
**First Patched Version:** For Windows 10 1903, [KB4524147](https://support.microsoft.com/en-us/help/4524147/windows-10-update-kb4524147)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Repo
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2018-8653 [HIGH] CWE-787 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-8653
Remediation Due Date: 2022-05-03
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2018-12-11·CVSS 6.4
CVE-2018-8653 [HIGH] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted websi
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Securelist
IT threat evolution Q2 2020
blogs_securelist·2020-09-03
IT threat evolution Q2 2020
Table of Contents
Targeted attacks
PhantomLance: hiding in plain sight
Naikon’s Aria
COMpfun authors spoof visa application with HTTP status-based Trojan
Mind the [air] gap
Looking at big threats using code similarity
SixLittleMonkeys
Other malware
Loncom packer: from backdoors to Cobalt Strike
xHelper: the Trojan matryoshka
Spike in RDP brute-force attacks
Gaming during the COVID-19 pandemic
Rovnix bootkit back in business
Web skimming with Google Analytics
The Magnitude Exploit Kit
Authors
David Emm
IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. Mobile statistics
## Targeted attacks
## PhantomLance: hiding in plain sight
In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The cam
Securelist
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
blogs_securelist·2020-08-12·CVSS 7.5
[HIGH] Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Authors
- Boris Larin
## Executive summary
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11 and Windows 10 build 18363 x64.
On June 8, 2020, we reported our discoveries to Microsoft, and the company confirmed the vulnerabilities. At the time of our report, the security team at Mi
Securelist
Magnitude exploit kit – evolution
blogs_securelist·2020-06-24·CVSS 7.5
[HIGH] Magnitude exploit kit – evolution
Table of Contents
Introduction
Infection vector
Shellcode
Elevation of privilege exploit
Ransomware
Conclusions
Authors
Boris Larin
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning that even if the user has an up-to-date browser, there’s a non-zero chance that Adobe Flash may still be vulnerable to 1-day exploits. Now that Adobe Flash is about to reach its end-of-life date at the end of this year, it is disabled by default in all web browsers and has pretty much been replaced with o
Krebs
Patch Tuesday, January 2019 Edition
blogs_krebs·2019-01-09·CVSS 7.5
[HIGH] Patch Tuesday, January 2019 Edition
Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.
The updates released Tuesday affect Windows, Internet Explorer and Edge, Office, Sharepoint, .NET Framework and Exchange. Patches are available for all client and server versions of Windows, but none of the “critical” flaws — those that can lead to a remote system compromise without any help from users — apply to Windows 7 or Windows 8.1, according to Martin Brinkmann at Ghacks.net.
Mercifully, none of the vulnerabilities fixed in Tuesday’s bundle are being actively exploited, although one (CVE-2019-0579) was publicly disclosed prior to the patch release, meaning attackers may have had a head start figuring out how to exploit it. This bug is one of 11 that Microsoft fixed in its Jet Database Engine.
Among the more eyebrow-raising flaws fixed this week is CVE-2019-0547, a weakness in the Windows component responsible
Qualys
January 2019 Patch Tuesday – 47 Vulns, 7 Critical, Adobe Vulns | Qualys
blogs_qualys·2019-01-08·CVSS 7.5
[HIGH] January 2019 Patch Tuesday – 47 Vulns, 7 Critical, Adobe Vulns | Qualys
This month’s Patch Tuesday is medium in size, with 47 vulns covered and only 7 labeled as Critical. Twenty-six of the vulns apply to Windows Servers and Workstation operating systems. Two of the Criticals apply to Hyper-V and could lead to RCE on the host system. Microsoft also issued an out-of-band patch in December for Internet Explorer 9 through 11 due to active attacks in the wild. Last week, Adobe also released out-of-band patches for Acrobat and Reader covering two Critical vulns.
### Workstation Patches
Browser and Scripting Engine patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users. Four of the 7 critical vulns are
Krebs
Microsoft Issues Emergency Fix for IE Zero Day
blogs_krebs·2018-12-19·CVSS 7.5
CVE-2018-8653 [HIGH] Microsoft Issues Emergency Fix for IE Zero Day
Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.
The software giant said it learned about the weakness (CVE-2018-8653) after receiving a report from Google about a new vulnerability being used in targeted attacks.
Satnam Narang, senior research engineer at Tenable, said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.
“As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang
Tenable
Microsoft Releases Out-of-Band Patch for Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8653)
blogs_tenable·2018-12-19·CVSS 7.5
CVE-2018-8653 [HIGH] Microsoft Releases Out-of-Band Patch for Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8653)
# Microsoft Releases Out-of-Band Patch for Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8653)
Ryan Seguin
December 19, 2018
Clement Lecigne of Google’s Threat Analysis Group has reported exploitation of an Internet Explorer vulnerability, CVE-2018-8653, prompting an out-of-band patch from Microsoft.
## Background
On December 19, Microsoft released a critical out-of-band (OOB) patch for a remote code execution (RCE) vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE including Windows 7, Windows 8.1, Windows 10, Windows Server 2008 (Internet Explorer 9), Windows Server 2012 (Internet Explorer 10), Windows Server 2016 and Windows Server 2019.
## Vulnerability details
A remote code
Zscaler
Zscaler protects against 12 new vulnerabilities for Chakra Scripting Engine, Internet Explorer, Scripting Engine, Windows VBScript Engine, Windows & Microsoft PowerPoint | Zscaler
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler protects against 12 new vulnerabilities for Chakra Scripting Engine, Internet Explorer, Scripting Engine, Windows VBScript Engine, Windows & Microsoft PowerPoint | Zscaler
- http://www.securityfocus.com/bid/106255
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8653
- 2018-12-20: Published
- 2021-11-03: Added to CISA KEV
Exploited in the wild