A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

CPENameOperatorVersion
microsoft.chakracorelt1.10.2

CPE	Name	Operator	Version
	microsoft.chakracore	lt	1.10.2

References

github.com/advisories/GHSA-p349-q795-qj4q

github.com/chakra-core/ChakraCore/commit/91bb6d68bfe0455cde08aaa5fbc3f2e4f6cc9d04

github.com/chakra-core/ChakraCore/pull/5596

nvd.nist.gov/vuln/detail/CVE-2018-8372

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372

web.archive.org/web/20210124195605/www.securityfocus.com/bid/105038

web.archive.org/web/20211203061111/www.securitytracker.com/id/1041457

osv 8

attackerkb 5

cvelist 9

prion 9

cve 9

github 5

veracode 3

nessus 10

mskb 9

kaspersky 2

openvas 7

mscve 9

zdi 2

checkpoint_advisories 6

symantec 8

exploitpack 1

exploitdb 1

zdt 2

packetstorm 2

cisa_kev 1

googleprojectzero 1

myhack58 4

threatpost 2

malwarebytes 2

krebs 1

talosblog 1

qualysblog 1

securelist 1

thn 1

osv

CVE-2018-8390

2018-08-15 17:29:08

ChakraCore RCE Vulnerability

2022-05-13 01:20:51

CVE-2018-8385

2018-08-15 17:29:08

attackerkb

CVE-2018-8390

2018-08-15 00:00:00

CVE-2018-8373

2018-08-15 00:00:00

CVE-2018-8385

2018-08-15 00:00:00

cvelist

CVE-2018-8355

2018-08-15 17:00:00

CVE-2018-8373

2018-08-15 17:00:00

CVE-2018-8390

2018-08-15 17:00:00

prion

Remote code execution

2018-08-15 17:29:00

Remote code execution

2018-08-15 17:29:00

Remote code execution

2018-08-15 17:29:00

cve

CVE-2018-8359

2018-08-15 17:29:00

CVE-2018-8373

2018-08-15 17:29:00

CVE-2018-8389

2018-08-15 17:29:00

github

ChakraCore RCE Vulnerability

2022-05-13 01:20:49

ChakraCore RCE Vulnerability

2022-05-13 01:20:48

ChakraCore RCE Vulnerability

2022-05-13 01:20:49

veracode

Remote Code Execution (RCE)

2018-08-16 09:38:32

Remote Code Execution (RCE)

2018-08-16 03:18:42

Remote Code Execution (RCE)

2018-08-16 04:17:50

nessus

Security Updates for Internet Explorer (August 2018)

2018-08-14 00:00:00

KB4343888: Windows 8.1 and Windows Server 2012 R2 August 2018 Security Update (Foreshadow)

2018-08-14 00:00:00

KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)

2018-08-14 00:00:00

mskb

Cumulative security update for Internet Explorer: August 14, 2018

2018-08-14 07:00:00

August 14, 2018—KB4343898 (Monthly Rollup)

2018-08-14 07:00:00

August 14, 2018—KB4343900 (Monthly Rollup)

2018-08-14 07:00:00

kaspersky

KLA11306 Multiple vulnerabilities in Microsoft Browsers

2018-08-14 00:00:00

KLA11789 Multiple vulnerabilities in Microsoft Products (ESU)

2018-08-14 00:00:00

openvas

Microsoft Windows Multiple Vulnerabilities (KB4343898)

2018-08-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4343900)

2018-08-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4343892)

2018-08-15 00:00:00

mscve

Scripting Engine Memory Corruption Vulnerability

2018-08-14 07:00:00

Scripting Engine Memory Corruption Vulnerability

2018-08-14 07:00:00

Scripting Engine Memory Corruption Vulnerability

2018-08-14 07:00:00

zdi

Microsoft Windows VBScript Class_Terminate Use After Free Remote Code Execution Vulnerability

2018-08-14 00:00:00

Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability

2018-08-14 00:00:00

checkpoint_advisories

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8353)

2018-08-14 00:00:00

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8371)

2018-08-14 00:00:00

Microsoft Browser Scripting Engine Memory Corruption (CVE-2018-8372)

2018-08-14 00:00:00

symantec

Microsoft ChakraCore Scripting Engine CVE-2018-8359 Information Disclosure Vulnerability

2018-08-14 00:00:00

Microsoft Internet Explorer CVE-2018-8371 Remote Memory Corruption Vulnerability

2018-08-14 00:00:00

Microsoft Internet Explorer CVE-2018-8353 Remote Memory Corruption Vulnerability

2018-08-14 00:00:00

exploitpack

Microsoft Edge Chakra - OP_Memset Type Confusion

2018-11-19 00:00:00

exploitdb

Microsoft Edge Chakra - OP_Memset Type Confusion

2018-11-19 00:00:00

zdt

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free Exploit

2018-08-28 00:00:00

Microsoft Edge Chakra JIT localeCompare Type Confusion Exploit

2018-09-18 00:00:00

packetstorm

Microsoft Edge Chakra OP_Memset Type Confusion

2018-11-19 00:00:00

Microsoft Edge Chakra JIT localeCompare Type Confusion

2018-09-18 00:00:00

cisa_kev

Microsoft Scripting Engine Memory Corruption Vulnerability

2022-03-25 00:00:00

googleprojectzero

On VBScript

2018-12-19 00:00:00

myhack58

From BinDiff to 0day: Internet Explorer UAF vulnerability analysis-vulnerability warning-the black bar safety net

2019-09-17 00:00:00

Use CVE-2018-8373 0day vulnerabilities the attacks the Darkhotel gang-related analysis-vulnerability warning-the black bar safety net

2018-08-18 00:00:00

For a suspected CVE-2016-0189 the original attack sample debugging-vulnerability warning-the black bar safety net

2019-06-13 00:00:00

threatpost

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

2018-08-20 16:39:26

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

2018-08-14 20:42:41

malwarebytes

A week in security (September 24 – 30)

2018-10-01 16:44:20

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

2018-09-26 17:13:26

krebs

Patch Tuesday, August 2018 Edition

2018-08-15 14:52:21

talosblog

Microsoft Tuesday August 2018

2018-08-14 11:26:00

qualysblog

August Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw

2018-08-14 18:47:21

securelist

IT threat evolution Q3 2018. Statistics

2018-11-12 10:00:55

thn

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

2018-08-14 18:32:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.058 Low

EPSS

Percentile

93.4%

JSON

Related for GHSA-P349-Q795-QJ4Q