Published: 14/06/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft edge -
microsoft chakracore

/* Here's a PoC: */ function opt(str) { for (let i = 0; i < 200; i++) { let tmp = strcharCodeAt('AAAAAAAAAA' + str + 'BBBBBBBBBB'); } } opt('x'); opt(0x1234); /* Here's the IR code of the PoC before the global optimization phase: --------- FunctionEntry # s18 ...

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions ...

June 2018, and Windows Server can be pwned with a DNS request

The Register • Shaun Nichols in San Francisco • 12 Jun 2018

Cortana also a little too eager to carry out commands Have to use SMB 1.0? Windows 10 April 2018 Update says NO

Microsoft has released its monthly security update, addressing a total of 51 CVE-listed security vulnerabilities. The June edition of Patch Tuesday includes 11 fixes for critical vulnerabilities in Windows, including Microsoft's solution for the recently-disclosed Spectre Variant 4 chip design flaw. Among the most serious bugs addressed this month is CVE-2018-8225, a remote code execution vulnerability present in the Windows DNSAPI. Microsoft says that the flaw would allow an attacker to take ov...

CVE-2018-8229

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect