CVE-2018-0774
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
Published
2018-01-04T14:29:01.127
Last Modified
2024-11-21T03:38:55.573
Status
Modified
Source
[email protected]
Severity
CVSSv3.0: 7.5 (HIGH)
CVSSv2 Vector
AV:N/AC:H/Au:N/C:C/I:C/A:C
- Access Vector: NETWORK
- Access Complexity: HIGH
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score
4.9
Impact Score
10.0
Weaknesses
Affected Vendors & Products
References
-
http://www.securityfocus.com/bid/102399
Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1040100
Third Party Advisory, VDB Entry
([email protected])
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0774
Patch, Vendor Advisory
([email protected])
-
https://www.exploit-db.com/exploits/43715/
Exploit, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securityfocus.com/bid/102399
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1040100
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0774
Patch, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://www.exploit-db.com/exploits/43715/
Exploit, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)