ID CVE-2018-8390
Summary A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 105041
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8390
sectrack 1041457
Last major update 24-08-2020 - 17:37
Published 15-08-2018 - 17:29
Last modified 24-08-2020 - 17:37
Back to Top