Vulnerability CVE-2018-0954

Vulnerability CVE-2018-0954

Published: 2018-05-09

Description:

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.6/10	10/10	4.9/10

Exploit range	Attack complexity	Authentication
Remote	High	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Microsoft -> Chakracore
Microsoft -> EDGE
Microsoft -> Internet explorer

References:

http://www.securityfocus.com/bid/103991

http://www.securitytracker.com/id/1040844

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0954

Copyright 2024, cxsecurity.com