7.6

CVE-2018-8625

Exploit

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftInternet Explorer Version10
   MicrosoftWindows Server 2012 Version-
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version- SwEditionpro_n
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2019 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 60.17% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.securityfocus.com/bid/106122
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/46022/
Third Party Advisory
Exploit
VDB Entry