CVE-2018-0934
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.
Published
2018-03-14T17:29:03.560
Last Modified
2024-11-21T03:39:15.300
Status
Modified
Source
[email protected]
Severity
CVSSv3.0: 7.5 (HIGH)
CVSSv2 Vector
AV:N/AC:H/Au:N/C:C/I:C/A:C
- Access Vector: NETWORK
- Access Complexity: HIGH
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score
4.9
Impact Score
10.0
Weaknesses
-
Type: Primary
CWE-755
CWE-787
Affected Vendors & Products
References
-
http://www.securityfocus.com/bid/103275
Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1040507
Third Party Advisory, VDB Entry
([email protected])
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934
Patch, Vendor Advisory
([email protected])
-
https://www.exploit-db.com/exploits/44396/
Exploit, Third Party Advisory, VDB Entry
([email protected])
-
https://www.exploit-db.com/exploits/44397/
Exploit, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securityfocus.com/bid/103275
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1040507
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934
Patch, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://www.exploit-db.com/exploits/44396/
Exploit, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://www.exploit-db.com/exploits/44397/
Exploit, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)