CVE-2018-8298
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
Published
2018-07-11T00:29:01.663
Last Modified
2025-04-04T15:32:27.460
Status
Analyzed
Source
[email protected]
Severity
CVSSv3.1: 7.5 (HIGH)
CVSSv2 Vector
AV:N/AC:H/Au:N/C:C/I:C/A:C
- Access Vector: NETWORK
- Access Complexity: HIGH
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score
4.9
Impact Score
10.0
Weaknesses
-
Type: Primary
CWE-843
-
Type: Secondary
CWE-843
Affected Vendors & Products
References
-
http://www.securityfocus.com/bid/104639
Third Party Advisory, VDB Entry, Broken Link
([email protected])
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298
Patch, Vendor Advisory
([email protected])
-
https://www.exploit-db.com/exploits/45217/
Exploit, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securityfocus.com/bid/104639
Third Party Advisory, VDB Entry, Broken Link
(af854a3a-2127-422b-91ae-364da2661108)
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298
Patch, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://www.exploit-db.com/exploits/45217/
Exploit, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)