7.6

CVE-2018-8653

Warning

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftInternet Explorer Version10
   MicrosoftWindows Server 2012 Version-
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 1507 Version-
   MicrosoftWindows 10 1607
   MicrosoftWindows 10 1703
   MicrosoftWindows 10 1709
   MicrosoftWindows 10 1803
   MicrosoftWindows 10 1809
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version- SwEditionpro_n
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2019 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 29.38% 0.965
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/106255
Third Party Advisory
Broken Link
VDB Entry