CVE-2018-8359 - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles

CVE-2018-8359

Summary

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

References

http://www.securityfocus.com/bid/104990
http://www.securitytracker.com/id/1041457
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359

Vulnerable Configurations

cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	104990
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359
sectrack	1041457

Last major update

24-08-2020 - 17:37

Published

15-08-2018 - 17:29

Last modified

24-08-2020 - 17:37