7.6
HIGH

CVE-2018-8653

Published: 20/12/2018 Updated: 03/01/2019
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

Vulnerability Summary

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.This vulnerability was detected in exploits in the wild.

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Access Complexity: HIGH
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftInternet Explorer9, 10, 11

Recent Articles

Microsoft issues emergency fix for Internet Explorer zero-day
welivesecurity • Tomáš Foltýn • 20 Dec 2018

Microsoft rolled out an emergency security update on Wednesday to patch a zero-day vulnerability in its Internet Explorer (IE) web browser that malicious actors are exploiting in the wild to hack into Windows computers.
The security hole – classified as a remote-code execution vulnerability and tracked as CVE-2018-8653 – resides in IE’s scripting engine, specifically in how the engine handles objects in memory. If exploited, the flaw gives the attacker the same privileges as those of...

Microsoft IE Zero Day Gets Emergency Patch
Threatpost • Tom Spring • 20 Dec 2018

Microsoft patched a zero-day vulnerability in its Internet Explorer browser that is actively being exploited by attackers. The bug, reported by Google, is a remote code execution vulnerability that allowed attackers to infiltrate vulnerable systems via a booby trapped website that could have injected malicious code into the Internet Explorer browser.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in...

On the first day of Christmas, Microsoft gave to me... an emergency out-of-band security patch for IE
The Register • Chris Williams, Editor in Chief • 19 Dec 2018

Update Internet Explorer now after Google detects attacks in the wild

Microsoft today emitted an emergency security patch for a flaw in Internet Explorer that hackers are exploiting in the wild to hijack computers.
The vulnerability, CVE-2018-8653, is a remote-code execution hole in the browser's scripting engine.
Visiting a malicious website abusing this bug with a vulnerable version of IE is enough to be potentially infected by spyware, ransomware or some other software nasty. Thus, check Microsoft Update and install any available patches as soon as ...

References