The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser, caused by an operation that goes beyond the buffer in memory, allows attackers to execute arbitrary code.

🗓️ 21 Mar 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

ChakraCore in Microsoft Edge has an out-of-bounds memory operation in the script handler enabling remote code execution.

Reporter	Title	Published	Views	Family All 56
0day.today	Microsoft Edge Chakra JIT - LdThis Type Confusion Exploit	15 Feb 201800:00	–	zdt
Circl	CVE-2018-0837	15 Feb 201800:00	–	circl
CNVD	Microsoft Edge and ChakraCore Remote Memory Corruption Vulnerability (CNVD-2018-03515)	14 Feb 201800:00	–	cnvd
Check Point Advisories	Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0837)	13 Feb 201800:00	–	checkpoint_advisories
CVE	CVE-2018-0837	15 Feb 201802:00	–	cve
Cvelist	CVE-2018-0837	15 Feb 201802:00	–	cvelist
Github Security Blog	ChakraCore RCE Vulnerability	13 May 202201:18	–	github
Microsoft KB	February 13, 2018—KB4074588 (OS Build 16299.248)	13 Feb 201808:00	–	mskb
Microsoft KB	February 13, 2018—KB4074590 (OS Build 14393.2068)	13 Feb 201808:00	–	mskb
Microsoft KB	February 13, 2018—KB4074591 (OS Build 10586.1417)	13 Feb 201808:00	–	mskb

Source	Link
securityfocus	www.securityfocus.com/bid/102876
securitytracker	www.securitytracker.com/id/1040372
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837
exploit-db	www.exploit-db.com/exploits/44081/
web	www.web.nvd.nist.gov/view/vuln/detail
exploit-db	www.exploit-db.com/exploits/44081/

23 Mar 2021 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 37.5

CVSS 27.6

EPSS0.79299

ChakraCore Microsoft Edge out of bounds memory operation remote code execution