CVE-2018-0836

Status: Analyzed

Last modified: 24-08-2020

Published: 15-02-2018

7.5

SUMMARY CVE-2018-0836

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

Access CVSS3 CVE-2018-0836

Attack Complexity	Attack Vector	Privileges Required	Scope	User Interaction
HIGH	NETWORK	NONE	UNCHANGED	REQUIRED

Impact CVSS3 CVE-2018-0836

Confidentiality	Integrity	Availability
HIGH	HIGH	HIGH

Details CVE-2018-0836

EPSS	0.06392
EPSS %	0.93861
References	http://www.securityfocus.com/bid/102875 http://www.securitytracker.com/id/1040372 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0836
CWE	CWE-787
Vulnerable Configurations	cpe:2.3:a:microsoft:chakracore:-:::::::* cpe:2.3:a:microsoft:chakracore:-:::::::* cpe:2.3:a:microsoft:edge:-:::::::* cpe:2.3:a:microsoft:edge:-:::::::* cpe:2.3:o:microsoft:windows_10:1703:::::::* cpe:2.3:o:microsoft:windows_10:1703:::::::* cpe:2.3:o:microsoft:windows_10:1709:::::::* cpe:2.3:o:microsoft:windows_10:1709:::::::*
CVSS3 Source	nvd@nist.gov
CVSS3 Type	Primary
CVSS3 Vector	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H