ID CVE-2018-8354
Summary A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:chakracore:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:chakracore:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 105232
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354
sectrack 1041623
Last major update 24-08-2020 - 17:37
Published 13-09-2018 - 00:29
Last modified 24-08-2020 - 17:37
Back to Top