CVE-2018-8384 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj

CVE-2018-8384

Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.

References

http://www.securityfocus.com/bid/104981
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384
https://www.exploit-db.com/exploits/45431/

Vulnerable Configurations

cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-843

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	104981
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384
exploit-db	45431

Last major update

24-08-2020 - 17:37

Published

15-08-2018 - 17:29

Last modified

24-08-2020 - 17:37