The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine lies in memory object handling errors, allowing attackers to execute arbitrary code.

🗓️ 07 Jun 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Edge and ChakraCore memory boundary overruns enable remote code execution via a crafted web page.

Reporter	Title	Published	Views	Family All 35
CNVD	Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2018-07772)	11 Apr 201800:00	–	cnvd
Check Point Advisories	Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0993)	10 Apr 201800:00	–	checkpoint_advisories
CVE	CVE-2018-0993	12 Apr 201801:00	–	cve
Cvelist	CVE-2018-0993	12 Apr 201801:00	–	cvelist
Github Security Blog	ChakraCore RCE Vulnerability	13 May 202201:18	–	github
Microsoft KB	April 10, 2018—KB4093107 (OS Build 15063.1029)	8 May 201807:00	–	mskb
Microsoft KB	April 10, 2018—KB4093109 (OS Build 10586.1540)	10 Apr 201807:00	–	mskb
Microsoft KB	April 10, 2018—KB4093111 (OS Build 10240.17831)	10 Apr 201807:00	–	mskb
Microsoft KB	April 10, 2018—KB4093112 (OS Build 16299.371)	8 May 201807:00	–	mskb
Microsoft KB	April 10, 2018—KB4093119 (OS Build 14393.2189)	8 May 201807:00	–	mskb

Source	Link
securityfocus	www.securityfocus.com/bid/103627
securitytracker	www.securitytracker.com/id/1040650
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0993
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 37.5

CVSS 27.6

EPSS0.22672

Microsoft Edge ChakraCore memory boundary error buffer overrun remote code execution crafted web page