CVE-2018-8287

Опубликовано: 11 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 7.6

EPSS Средний

Описание

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.

Ссылки

http://www.securityfocus.com/bid/104634
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041256
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041258
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287
Patch
Vendor Advisory
http://www.securityfocus.com/bid/104634
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041256
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041258
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*

Версия до 1.10.1 (исключая)

Конфигурация 4

Одновременно

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.36758

Средний

7.5 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-8287

CVSS3: 7.5

msrc

около 7 лет назад

Scripting Engine Memory Corruption Vulnerability

GHSA-p97q-j98q-f98w

CVSS3: 7.5

github

больше 3 лет назад

ChakraCore RCE Vulnerability

EPSS

Процентиль: 97%

0.36758

Средний

7.5 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-787