7.6

CVE-2018-8287

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version11
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 7 Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
MicrosoftEdge Version-
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows Server 2016 Version-
MicrosoftChakracore Version < 1.10.1
MicrosoftInternet Explorer Version10
   MicrosoftWindows Server 2012 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 36.76% 0.97
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1041258
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041256
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/104634
Third Party Advisory
VDB Entry