CVE-2018-8296

Опубликовано: 11 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 7.6

EPSS Средний

Описание

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298.

Ссылки

http://www.securityfocus.com/bid/104638
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041258
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8296
Patch
Vendor Advisory
http://www.securityfocus.com/bid/104638
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041258
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8296
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.43954

Средний

7.5 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-8296

CVSS3: 7.5

msrc

больше 7 лет назад

Scripting Engine Memory Corruption Vulnerability

GHSA-x986-878p-w4xx

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 97%

0.43954

Средний

7.5 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-787