CVE-2018-0834

Опубликовано: 15 фев. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 9.3

EPSS Высокий

Описание

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

Ссылки

http://www.securityfocus.com/bid/102859
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040372
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834
Vendor Advisory
https://www.exploit-db.com/exploits/44078/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/102859
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040372
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834
Vendor Advisory
https://www.exploit-db.com/exploits/44078/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.7863

Высокий

7.5 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-0834

CVSS3: 4.2

msrc

больше 7 лет назад

Scripting Engine Memory Corruption Vulnerability

GHSA-5j48-826p-2w9r