Published: 11/07/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft chakracore

/* The InitializeNumberFormat function in Intljs is used to initialize an IntlNumberFormat object, and InitializeDateTimeFormat is used for an IntlDateTimeFormat object There are two versions of each initializer One is for WinGlob and the other is for ICU The problem is that the versions for ICU don't check whether the given object has been i ...

The InitializeNumberFormat function in Intljs is used to initialize an IntlNumberFormat object, and InitializeDateTimeFormat is used for an IntlDateTimeFormat object There are two versions of each initializer One is for WinGlob and the other is for ICU The problem is that the versions for ICU don't check whether the given object has been init ...

CWE-843 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298 http://www.securityfocus.com/bid/104639 https://www.exploit-db.com/exploits/45217/https://nvd.nist.gov https://www.exploit-db.com/exploits/45217/

CVE-2018-8298

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect