7.6
CVE-2018-8298
- EPSS 89.01%
- Published 11.07.2018 00:29:01
- Last modified 04.04.2025 15:32:27
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Chakracore Version < 1.10.1
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
ChakraCore Scripting Engine Type Confusion Vulnerability
VulnerabilityThe ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 89.01% | 0.995 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.