7.6
CVSSv2

CVE-2018-8279

Published: 11/07/2018 Updated: 24/08/2020
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft edge -

microsoft chakracore

Exploits

// PoC: async function trigger(a = class b { [await 1]() { } }) { } let spray = []; for (let i = 0; i < 100000; i++) { spraypush(parseFloatbind(1, 0x1234, 0x1234, 0x1234, 0x1234)); } trigger(); /* The PoC is invalid JavaScript, but Chakra does parse it without any exception and generates incorrect bytecode from that Here's th ...

Mailing Lists

Microsoft Edge Chakra suffers from a parameter scope parsing bug ...

Github Repositories

A collection of JavaScript engine CVEs with PoCs

Case Study of JavaScript Engine Vulnerabilities V8 CVE Number Feature Keywords Credit CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot CVE-2014-3176 Arrayconcat Side Effect, OOB lokihardt CVE-2014-7927 Optimization asmjs, OOB Christian Holler CVE-2014-7928 Optimization Array Christian Holler C