Published: 11/07/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft edge -
microsoft chakracore

// PoC: async function trigger(a = class b { [await 1]() { } }) { } let spray = []; for (let i = 0; i < 100000; i++) { spraypush(parseFloatbind(1, 0x1234, 0x1234, 0x1234, 0x1234)); } trigger(); /* The PoC is invalid JavaScript, but Chakra does parse it without any exception and generates incorrect bytecode from that Here's th ...

Microsoft Edge Chakra suffers from a parameter scope parsing bug ...

A collection of JavaScript engine CVEs with PoCs

Case Study of JavaScript Engine Vulnerabilities V8 CVE Number Feature Keywords Credit CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot CVE-2014-3176 Arrayconcat Side Effect, OOB lokihardt CVE-2014-7927 Optimization asmjs, OOB Christian Holler CVE-2014-7928 Optimization Array Christian Holler C

CWE-843 http://www.securityfocus.com/bid/104641 http://www.securitytracker.com/id/1041256 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279 https://www.exploit-db.com/exploits/45214/https://www.rapid7.com/db/vulnerabilities/msft-cve-2018-8279 https://nvd.nist.gov https://www.exploit-db.com/exploits/45214/https://github.com/tunz/js-vuln-db https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104641

CVE-2018-8279

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

Github Repositories

References