CVE-2018-8276

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard CFG to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore...

CVE-2018-8291

The CVE-2018-8291 entry describes a remote code execution in the ChakraCore scripting engine affecting ChakraCore, Internet Explorer 11, and Microsoft Edge due to memory handling in scripting objects. Root cause: memory object handling in the scripting engine leading to RCE. Public references sho...

CVE-2018-8286

CVE-2018-8286 is a remote code execution vulnerability in the Chakra scripting engine, affecting Microsoft Edge and ChakraCore. The issue stems from how the Chakra engine handles objects in memory, described in connected GitHub advisories as the “Chakra Scripting Engine Memory Corruption Vulnerab...

CVE-2018-8294

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286,...

CVE-2018-8286

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290,...

Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release

UDPATE Browser vulnerabilities took center stage in Microsoft’s July Patch Tuesday security bulletin. In all, Microsoft patched 17 bugs rated critical, with ten tied to scripting engine flaws impacting Internet Explorer. In total, Microsoft is reporting 53 bugs: 17 critical, 34 rated important, o...

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8298)

A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

PT-2018-18533 · Microsoft · Browsers +2

Name of the Vulnerable Software and Affected Versions: Microsoft browsers affected versions not specified Description: A remote code execution issue exists in the way the scripting engine handles objects in memory in Microsoft browsers. This could corrupt memory, allowing an attacker to execute...

PT-2018-18507 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists due to the way the scripting engine handles objects in memory. This could lead to memory corruption, allowing an attacker to execute arbitrary...

Microsoft Scripting Engine Memory Corruption (CVE-2018-8283)

A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

KLA12551 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code. Below is a...

PT-2018-2018 · Microsoft · Chakracore

Name of the Vulnerable Software and Affected Versions: ChakraCore affected versions not specified Description: The issue is related to a type confusion vulnerability in the ChakraCore Scripting Engine, which is associated with errors in the mechanisms for processing objects in memory. Exploitatio...

KLA11290 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Multiple vulnerabilities were found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities:...

KB4338814: Windows 10 Version 1607 and Windows Server 2016 July 2018 Security Update

The remote Windows host is missing security update 4338814. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. CVE-2018-8202 - A remote code execution...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This happens because the scripting engine does not properly handle the objects in memory if a non-int-type-specialized index operand on a switch table branch is used,causing memory corruption.This CVE ID is unique from CVE-2017-11792,...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. The scripting engine does not properly handle the objects in memory, causing memory corruption which could allow an attacker to execute code in the context of the current user. This CVE ID is different from CVE-2018-0758, CVE-2018-0762,...

CVE-2018-8267

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...

CVE-2018-8267

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...