CVE-2018-8624

The entries describe CVE-2018-8624 as a remote code execution vulnerability in the Chakra scripting engine’s memory handling, affecting Microsoft Edge and ChakraCore. The root cause is memory corruption of in-memory objects; the vulnerability is exploitable remotely with network access and requir...

Microsoft Windows Multiple Vulnerabilities (KB4471327)

This host is missing a critical security update according to Microsoft KB4471327 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Internet Explorer Scripting Engine Memory Corruption Vulnerability

Internet Explorer is a web browser from Microsoft. Formerly known as Microsoft Internet Explorer prior to version 6 and Windows Internet Explorer versions 7, 8, 9, 10, 11, or IE for short. A memory corruption vulnerability exists in the way memory objects are handled in the Internet Explorer...

CVE-2018-8618

CVE-2018-8618 describes a remote code execution VULNERABILITY in the Chakra scripting engine, caused by how it handles objects in memory. The issue affects Microsoft Edge and ChakraCore, with a memory corruption root cause that can enable code execution on affected systems. Connected advisories c...

Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” There are no “moderate” or “low” vulnerabilities...

December 11, 2018—KB4471329 (OS Build 16299.846)

December 11, 2018—KB4471329 OS Build 16299.846 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

December 11, 2018—KB4471332 (OS Build 17763.194)

December 11, 2018—KB4471332 OS Build 17763.194 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

December 11, 2018—KB4471324 (OS Build 17134.471)

December 11, 2018—KB4471324 OS Build 17134.471 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to the way the scripting engine accesses objects in memory which can lead to memory corruption or arbitrary code being executed in the context of the authenticated user...

KLA11884 Multiple vulnerability in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

KLA11388 Multiple vulnerabilities in Microsoft Browsers

Multiple serious vulnerabilities were found in Microsoft Browsers Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially craft...

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-8629)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

KB4471321: Windows 10 Version 1607 and Windows Server 2016 December 2018 Security Update

The remote Windows host is missing security update 4471321. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could...

Security Updates for Internet Explorer (December 2018)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a...

KB4471323: Windows 10 December 2018 Security Update

The remote Windows host is missing security update 4471323. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker...

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1386)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Improper field access checks CVE-2018-3169 - OpenJDK: Unrestricted access to scripting engine CVE-2018-3183 - OpenJDK:...

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0010, CVE-2017-0015, CVE-2017-0032,...