Veracode Vulnerability DatabaseVERACODE:7315

HistoryAug 16, 2018 - 9:38 a.m.

Remote Code Execution (RCE)

2018-08-1609:38:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

JSON

microsoft.chakracore is vulnerable to remote code execution. ProxyEntryPointInfo causes out-of-bound writes or arbitrary code being executed. This CVE ID is different from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

CPENameOperatorVersion
microsoft.chakracorele1.10.1
microsoft.chakracore.vc140le1.10.1

CPE	Name	Operator	Version
	microsoft.chakracore	le	1.10.1
	microsoft.chakracore.vc140	le	1.10.1

References

github.com/Microsoft/ChakraCore/commit/f8bdb180c4e9351f441e25dc818815d0c63af753

github.com/Microsoft/ChakraCore/wiki/Roadmap#v1102

attackerkb 5

prion 9

osv 8

cve 9

github 6

mskb 9

nessus 10

kaspersky 2

openvas 7

mscve 9

symantec 8

checkpoint_advisories 6

zdt 2

packetstorm 2

zdi 2

cisa_kev 1

exploitpack 1

exploitdb 1

veracode 2

myhack58 4

googleprojectzero 1

threatpost 2

malwarebytes 2

krebs 1

talosblog 1

qualysblog 1

securelist 1

thn 1

attackerkb

CVE-2018-8390

2018-08-15 00:00:00

CVE-2018-8385

2018-08-15 00:00:00

CVE-2018-8389

2018-08-15 00:00:00

prion

Remote code execution

2018-08-15 17:29:00

Remote code execution

2018-08-15 17:29:00

Remote code execution

2018-08-15 17:29:00

osv

CVE-2018-8390

2018-08-15 17:29:08

CVE-2018-8385

2018-08-15 17:29:08

ChakraCore RCE Vulnerability

2022-05-13 01:20:51

cve

CVE-2018-8373

2018-08-15 17:29:00

CVE-2018-8359

2018-08-15 17:29:00

CVE-2018-8389

2018-08-15 17:29:00

github

ChakraCore RCE Vulnerability

2022-05-13 01:20:49

ChakraCore RCE Vulnerability

2022-05-13 01:20:48

ChakraCore RCE Vulnerability

2022-05-13 01:20:49

mskb

Cumulative security update for Internet Explorer: August 14, 2018

2018-08-14 07:00:00

August 14, 2018—KB4343898 (Monthly Rollup)

2018-08-14 07:00:00

August 14, 2018—KB4343900 (Monthly Rollup)

2018-08-14 07:00:00

nessus

Security Updates for Internet Explorer (August 2018)

2018-08-14 00:00:00

KB4343888: Windows 8.1 and Windows Server 2012 R2 August 2018 Security Update (Foreshadow)

2018-08-14 00:00:00

KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)

2018-08-14 00:00:00

kaspersky

KLA11306 Multiple vulnerabilities in Microsoft Browsers

2018-08-14 00:00:00

KLA11789 Multiple vulnerabilities in Microsoft Products (ESU)

2018-08-14 00:00:00

openvas

Microsoft Windows Multiple Vulnerabilities (KB4343898)

2018-08-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4343900)

2018-08-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4343892)

2018-08-15 00:00:00

mscve

Scripting Engine Memory Corruption Vulnerability

2018-08-14 07:00:00

Scripting Engine Memory Corruption Vulnerability

2018-08-14 07:00:00

Scripting Engine Memory Corruption Vulnerability

2018-08-14 07:00:00

symantec

Microsoft ChakraCore Scripting Engine CVE-2018-8359 Information Disclosure Vulnerability

2018-08-14 00:00:00

Microsoft Internet Explorer CVE-2018-8353 Remote Memory Corruption Vulnerability

2018-08-14 00:00:00

Microsoft Internet Explorer CVE-2018-8371 Remote Memory Corruption Vulnerability

2018-08-14 00:00:00

checkpoint_advisories

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8353)

2018-08-14 00:00:00

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8371)

2018-08-14 00:00:00

Microsoft Windows VBScript Engine Remote Code Execution (CVE-2018-8373)

2018-08-21 00:00:00

zdt

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free Exploit

2018-08-28 00:00:00

Microsoft Edge Chakra JIT localeCompare Type Confusion Exploit

2018-09-18 00:00:00

packetstorm

Microsoft Edge Chakra OP_Memset Type Confusion

2018-11-19 00:00:00

Microsoft Edge Chakra JIT localeCompare Type Confusion

2018-09-18 00:00:00

zdi

Microsoft Windows VBScript Class_Terminate Use After Free Remote Code Execution Vulnerability

2018-08-14 00:00:00

Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability

2018-08-14 00:00:00

cisa_kev

Microsoft Scripting Engine Memory Corruption Vulnerability

2022-03-25 00:00:00

exploitpack

Microsoft Edge Chakra - OP_Memset Type Confusion

2018-11-19 00:00:00

exploitdb

Microsoft Edge Chakra - OP_Memset Type Confusion

2018-11-19 00:00:00

veracode

Remote Code Execution (RCE)

2018-08-16 04:17:50

Remote Code Execution (RCE)

2018-08-16 03:18:42

myhack58

From BinDiff to 0day: Internet Explorer UAF vulnerability analysis-vulnerability warning-the black bar safety net

2019-09-17 00:00:00

Use CVE-2018-8373 0day vulnerabilities the attacks the Darkhotel gang-related analysis-vulnerability warning-the black bar safety net

2018-08-18 00:00:00

For a suspected CVE-2016-0189 the original attack sample debugging-vulnerability warning-the black bar safety net

2019-06-13 00:00:00

googleprojectzero

On VBScript

2018-12-19 00:00:00

threatpost

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

2018-08-20 16:39:26

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

2018-08-14 20:42:41

malwarebytes

A week in security (September 24 – 30)

2018-10-01 16:44:20

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

2018-09-26 17:13:26

krebs

Patch Tuesday, August 2018 Edition

2018-08-15 14:52:21

talosblog

Microsoft Tuesday August 2018

2018-08-14 11:26:00

qualysblog

August Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw

2018-08-14 18:47:21

securelist

IT threat evolution Q3 2018. Statistics

2018-11-12 10:00:55

thn

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

2018-08-14 18:32:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:7315