7.5
CVSSv3

CVE-2018-8617

Published: 12/12/2018 Updated: 24/08/2020
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 766
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.

Vulnerable Product

microsoft chakracore -

microsoft edge -

Exploits

/* In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer to the object array which stores numeric properties. For this reason, when it optimizes an InlineArrayPush i ...
Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush ...

Github Repositories

Chakra Type Confusions - PoCs of Edge's legacy JS engine vulnerabilities that inject code into the JIT process

Chakra Type Confusions: This repository contains PoCs for type confusion vulnerabilities in the ChakraCore engine used by Microsoft Edge (EdgeHTML version, not Chromium-based Edge). The PoCs inject dummy code (specifically an int 3 followed by nop) into a Just-In-Time (JIT) compilation process. To verify the PoCs, attach a debugger to a JIT compilation process (one of the Micros
