CVE-2018-8467

Опубликовано: 13 сент. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 7.6

EPSS Высокий

Описание

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.

Ссылки

http://www.securityfocus.com/bid/105244
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041623
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8467
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/45572/
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/105244
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041623
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8467
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/45572/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.80167

Высокий

7.5 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-8467

CVSS3: 4.2

msrc

почти 7 лет назад

Chakra Scripting Engine Memory Corruption Vulnerability

GHSA-xxp7-423f-hcp4

CVSS3: 7.5

github

около 3 лет назад

ChakraCore RCE Vulnerability

BDU:2018-01107

CVSS3: 8.8

fstec