CVE-2018-0874

Status: Analyzed

Last modified: 24-08-2020

Published: 14-03-2018

7.5

SUMMARY CVE-2018-0874

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.

Access CVSS3 CVE-2018-0874

Attack Complexity	Attack Vector	Privileges Required	Scope	User Interaction
HIGH	NETWORK	NONE	UNCHANGED	REQUIRED

Impact CVSS3 CVE-2018-0874

Confidentiality	Integrity	Availability
HIGH	HIGH	HIGH

Details CVE-2018-0874

EPSS	0.06392
EPSS %	0.93861
References	http://www.securityfocus.com/bid/103269 http://www.securitytracker.com/id/1040507 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0874
CWE	CWE-787
Vulnerable Configurations	cpe:2.3:a:microsoft:edge:::::::: cpe:2.3:a:microsoft:edge:::::::: cpe:2.3:o:microsoft:windows_10:-:::::::* cpe:2.3:o:microsoft:windows_10:-:::::::* cpe:2.3:o:microsoft:windows_10:1511:::::::* cpe:2.3:o:microsoft:windows_10:1511:::::::* cpe:2.3:o:microsoft:windows_10:1607:::::::* cpe:2.3:o:microsoft:windows_10:1607:::::::* cpe:2.3:o:microsoft:windows_10:1703:::::::* cpe:2.3:o:microsoft:windows_10:1703:::::::* cpe:2.3:o:microsoft:windows_10:1709:::::::* cpe:2.3:o:microsoft:windows_10:1709:::::::* cpe:2.3:o:microsoft:windows_server_2016:::::::: cpe:2.3:o:microsoft:windows_server_2016::::::::
CVSS3 Source	nvd@nist.gov
CVSS3 Type	Primary
CVSS3 Vector	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H