Lucene search
HistoryDec 12, 2018 - 12:29 a.m.
CVE-2018-8624
cve-2018-8624
remote code execution
chakra scripting engine
microsoft edge
security vulnerability
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.7%
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka âChakra Scripting Engine Memory Corruption Vulnerability.â This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629.
Affected configurations
Node
microsoftedgeMatchWindows 10 Version 1607 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1607 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1703 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1703 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1709 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1709 for ARM64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1709 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1803 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1803 for ARM64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1803 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1809 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1809 for ARM64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1809 for x64-based Systems
ORmicrosoftedgeMatchWindows Server 2016
ORmicrosoftedgeMatchWindows Server 2019
ORmicrosoftchakracore
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | edge | Windows 10 Version 1607 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1607 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1607 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1607 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1703 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1703 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1703 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1703 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1709 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1709 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1709 for ARM64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1709 for ARM64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1709 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1709 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1803 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1803 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1803 for ARM64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1803 for ARM64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1803 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1803 for x64-based Systems:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Microsoft Edge",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows Server 2019"
}
]
},
{
"product": "ChakraCore",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "ChakraCore"
}
]
}
]Related
prion
prion
Remote code execution
2018-12-12 00:29:00
Remote code execution
2018-12-12 00:29:00
Remote code execution
2018-12-12 00:29:00
cve
cve
cvelist
cvelist
osv
osv
ChakraCore RCE Vulnerability
2022-05-13 01:21:01
ChakraCore RCE Vulnerability
2022-05-13 01:21:02
ChakraCore RCE Vulnerability
2022-05-13 01:21:02
veracode
veracode
Remote Code Execution (RCE)
2018-12-12 03:51:03
Remote Code Execution (RCE)
2018-12-12 04:05:34
Remote Code Execution (RCE)
2018-12-12 03:43:47
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:21:03
ChakraCore RCE Vulnerability
2022-05-13 01:21:02
ChakraCore Remote code execution Vulnerability
2022-05-13 01:21:03
nvd
nvd
mscve
mscve
Chakra Scripting Engine Memory Corruption Vulnerability
2018-12-11 08:00:00
Chakra Scripting Engine Memory Corruption Vulnerability
2018-12-11 08:00:00
Chakra Scripting Engine Memory Corruption Vulnerability
2018-12-11 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8624)
2018-12-11 00:00:00
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8629)
2018-12-11 00:00:00
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8583)
2018-12-11 00:00:00
symantec
symantec
kaspersky
kaspersky
KLA11388 Multiple vulnerabilities in Microsoft Browsers
2018-12-11 00:00:00
krebs
krebs
Patch Tuesday, December 2018 Edition
2018-12-11 21:05:41
mskb
mskb
December 11, 2018âKB4471327 (OS Build 15063.1506)
2018-12-11 08:00:00
December 11, 2018âKB4471329 (OS Build 16299.846)
2018-12-11 08:00:00
December 11, 2018âKB4471324 (OS Build 17134.471)
2018-12-11 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4471327)
2018-12-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4471329)
2018-12-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4471324)
2018-12-12 00:00:00
nessus
nessus
zdi
zdi
zdt
zdt
Microsoft Edge Chakra - InlineArrayPush Type Confusion Exploit
2019-01-20 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra InlineArrayPush Type Confusion
2019-01-17 00:00:00
talosblog
talosblog
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.7%
Related for CVE-2018-8624