← Voltar para CVEs
CVE-2018-8298
HIGHCISA KEV7.5
Descricao
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado7/11/2018
Ultima modificacao10/28/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorChakraCore
ProdutoChakraCore scripting engine
Nome da vulnerabilidadeChakraCore Scripting Engine Type Confusion Vulnerability
Data inclusao KEV2022-03-03
Prazo de remediacao2022-03-17
Uso em ransomwareUnknown
Produtos afetados
microsoft:chakracore
Fraquezas (CWE)
CWE-843CWE-843
Referencias
http://www.securityfocus.com/bid/104639(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298(secure@microsoft.com)
https://www.exploit-db.com/exploits/45217/(secure@microsoft.com)
http://www.securityfocus.com/bid/104639(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45217/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8298(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.