7.6
CVSSv2

CVE-2018-8653

Published: 20/12/2018 Updated: 08/05/2019
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftInternet Explorer9, 10, 11

Recent Articles

Microsoft issues emergency fix for Internet Explorer zero-day
welivesecurity • Tomáš Foltýn • 20 Dec 2018

Microsoft rolled out an emergency security update on Wednesday to patch a zero-day vulnerability in its Internet Explorer (IE) web browser that malicious actors are exploiting in the wild to hack into Windows computers.
The security hole – classified as a remote-code execution vulnerability and tracked as CVE-2018-8653 – resides in IE’s scripting engine, specifically in how the engine handles objects in memory. If exploited, the flaw gives the attacker the same privileges as those of...

Microsoft IE Zero Day Gets Emergency Patch
Threatpost • Tom Spring • 20 Dec 2018

Microsoft patched a zero-day vulnerability in its Internet Explorer browser that is actively being exploited by attackers. The bug, reported by Google, is a remote code execution vulnerability that allowed attackers to infiltrate vulnerable systems via a booby trapped website that could have injected malicious code into the Internet Explorer browser.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in...

On the first day of Christmas, Microsoft gave to me... an emergency out-of-band security patch for IE
The Register • Chris Williams, Editor in Chief • 19 Dec 2018

Update Internet Explorer now after Google detects attacks in the wild

Microsoft today emitted an emergency security patch for a flaw in Internet Explorer that hackers are exploiting in the wild to hijack computers.
The vulnerability, CVE-2018-8653, is a remote-code execution hole in the browser's scripting engine.
Visiting a malicious website abusing this bug with a vulnerable version of IE is enough to be potentially infected by spyware, ransomware or some other software nasty. Thus, check Microsoft Update and install any available patches as soon as ...