CVE-2018-0834

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835,...

CVE-2018-0835

Mode C: The connected advisories describe a ChakraCore/Edge remote code execution vulnerability caused by the scripting engine’s handling of in-memory objects (Scripting Engine Memory Corruption Vulnerability). Affected software includes Microsoft Edge and ChakraCore on Windows 10 releases such a...

CVE-2018-0834

Summary: Multiple CVEs describe a remote code execution vulnerability in Microsoft Edge and ChakraCore caused by memory handling in the Chakra scripting engine (“Scripting Engine Memory Corruption Vulnerability”). The connected advisories (GHSA entries) denote ChakraCore RCE affecting Windows 10 ...

CVE-2018-0859

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834,...

CVE-2018-0861

The CVE-2018-0861 entry concerns a memory corruption flaw in the scripting engine used by Microsoft Edge and ChakraCore, leading to remote code execution. Affected software/products mentioned across connected documents include Microsoft Edge and ChakraCore on Windows 10 (Gold/1511/1607/1703/1709)...

CVE-2018-0857

ChakraCore/Edge memory-corruption RCE chain is described in the connected advisories: ChakraCore on Microsoft Edge and ChakraCore components within Windows 10 (various builds) is vulnerable when the scripting engine mishandles in-memory objects, enabling remote code execution. The exact affected ...

CVE-2018-0866

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka...

CVE-2018-0835

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834,...

CVE-2018-0836

The CVE-2018-0836 entry concerns Microsoft Edge and ChakraCore in Windows 10 (1703/1709) where remote code execution is possible due to how the scripting engine handles objects in memory (Scripting Engine Memory Corruption). Connected advisories (GHSA) corroborate a ChakraCore RCE vulnerability a...

CVE-2018-0840

Technical details specific to CVE-2018-0840 are not provided in the connected documents. The GHSA advisories describe ChakraCore memory corruption vulnerabilities in general, but do not disclose affected products/versions or impacts for this CVE. Monitor for updates.

Microsoft Edge scripting engine remote memory corruption vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation.Microsoft Edge is one of the web browsers that comes with the system.scripting engine is one of the JavaScript engine components. A remote memory corruption vulnerability exists in the Microsoft Edge scripting...

Microsoft Windows Multiple Vulnerabilities (KB4074591)

This host is missing a critical security update according to Microsoft KB4074591 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4074596)

This host is missing a critical security update according to Microsoft KB4074596 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4074590)

This host is missing a critical security update according to Microsoft KB4074590 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4074594)

This host is missing a critical security update according to Microsoft KB4074594 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4074592)

This host is missing a critical security update according to Microsoft KB4074592 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Internet Explorer Multiple RCE Vulnerabilities (KB4074736)

This host is missing a critical security update according to Microsoft KB4074736 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Patch Tuesday - February 2018

Microsoft Patch Tuesday - February 2018 Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 of them...

February 13, 2018—KB4074588 (OS Build 16299.248)

February 13, 2018—KB4074588 OS Build 16299.248 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where child accounts are able to access InPrivate mode on ARM devices even...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...