CVE-2018-8178 - Vulnerability Details

Vendors	Products
Microsoft	Chakracore Edge Internet Explorer

Link	Providers
http://www.securityfocus.com/bid/104076
http://www.securitytracker.com/id/1040844
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "ChakraCore", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "ChakraCore"}]}, {"product": "Internet Explorer 11", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Windows 10 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1607 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1607 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1703 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1703 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1709 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1709 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1803 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1803 for x64-based Systems"}, {"status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1"}, {"status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1"}, {"status": "affected", "version": "Windows 8.1 for 32-bit systems"}, {"status": "affected", "version": "Windows 8.1 for x64-based systems"}, {"status": "affected", "version": "Windows RT 8.1"}, {"status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"}, {"status": "affected", "version": "Windows Server 2012 R2"}, {"status": "affected", "version": "Windows Server 2016"}]}, {"product": "Microsoft Edge", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Windows 10 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1607 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1607 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1703 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1703 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1709 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1709 for x64-based Systems"}, {"status": "affected", "version": "Windows 10 Version 1803 for 32-bit Systems"}, {"status": "affected", "version": "Windows 10 Version 1803 for x64-based Systems"}, {"status": "affected", "version": "Windows Server 2016"}]}], "datePublic": "2018-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-10T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "104076", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104076"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178"}, {"name": "1040844", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040844"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8178", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ChakraCore", "version": {"version_data": [{"version_value": "ChakraCore"}]}}, {"product_name": "Internet Explorer 11", "version": {"version_data": [{"version_value": "Windows 10 for 32-bit Systems"}, {"version_value": "Windows 10 for x64-based Systems"}, {"version_value": "Windows 10 Version 1607 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1607 for x64-based Systems"}, {"version_value": "Windows 10 Version 1703 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1703 for x64-based Systems"}, {"version_value": "Windows 10 Version 1709 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1709 for x64-based Systems"}, {"version_value": "Windows 10 Version 1803 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1803 for x64-based Systems"}, {"version_value": "Windows 7 for 32-bit Systems Service Pack 1"}, {"version_value": "Windows 7 for x64-based Systems Service Pack 1"}, {"version_value": "Windows 8.1 for 32-bit systems"}, {"version_value": "Windows 8.1 for x64-based systems"}, {"version_value": "Windows RT 8.1"}, {"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"}, {"version_value": "Windows Server 2012 R2"}, {"version_value": "Windows Server 2016"}]}}, {"product_name": "Microsoft Edge", "version": {"version_data": [{"version_value": "Windows 10 for 32-bit Systems"}, {"version_value": "Windows 10 for x64-based Systems"}, {"version_value": "Windows 10 Version 1607 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1607 for x64-based Systems"}, {"version_value": "Windows 10 Version 1703 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1703 for x64-based Systems"}, {"version_value": "Windows 10 Version 1709 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1709 for x64-based Systems"}, {"version_value": "Windows 10 Version 1803 for 32-bit Systems"}, {"version_value": "Windows 10 Version 1803 for x64-based Systems"}, {"version_value": "Windows Server 2016"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "104076", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104076"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178"}, {"name": "1040844", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040844"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:13.479Z"}, "title": "CVE Program Container", "references": [{"name": "104076", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104076"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178"}, {"name": "1040844", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040844"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8178", "datePublished": "2018-05-09T19:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:46:13.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : ChakraCore (string)

vendor : Microsoft (string)

versions : [ »

0 : { »

status : affected (string)

version : ChakraCore (string)

}

]

}

1 : { »

product : Internet Explorer 11 (string)

vendor : Microsoft (string)

versions : [ »

0 : { »

status : affected (string)

version : Windows 10 for 32-bit Systems (string)

}

1 : { »

status : affected (string)

version : Windows 10 for x64-based Systems (string)

}

2 : { »

status : affected (string)

version : Windows 10 Version 1607 for 32-bit Systems (string)

}

3 : { »

status : affected (string)

version : Windows 10 Version 1607 for x64-based Systems (string)

}

4 : { »

status : affected (string)

version : Windows 10 Version 1703 for 32-bit Systems (string)

}

5 : { »

status : affected (string)

version : Windows 10 Version 1703 for x64-based Systems (string)

}

6 : { »

status : affected (string)

version : Windows 10 Version 1709 for 32-bit Systems (string)

}

7 : { »

status : affected (string)

version : Windows 10 Version 1709 for x64-based Systems (string)

}

8 : { »

status : affected (string)

version : Windows 10 Version 1803 for 32-bit Systems (string)

}

9 : { »

status : affected (string)

version : Windows 10 Version 1803 for x64-based Systems (string)

}

10 : { »

status : affected (string)

version : Windows 7 for 32-bit Systems Service Pack 1 (string)

}

11 : { »

status : affected (string)

version : Windows 7 for x64-based Systems Service Pack 1 (string)

}

12 : { »

status : affected (string)

version : Windows 8.1 for 32-bit systems (string)

}

13 : { »

status : affected (string)

version : Windows 8.1 for x64-based systems (string)

}

14 : { »

status : affected (string)

version : Windows RT 8.1 (string)

}

15 : { »

status : affected (string)

version : Windows Server 2008 R2 for x64-based Systems Service Pack 1 (string)

}

16 : { »

status : affected (string)

version : Windows Server 2012 R2 (string)

}

17 : { »

status : affected (string)

version : Windows Server 2016 (string)

}

]

}

2 : { »

product : Microsoft Edge (string)

vendor : Microsoft (string)

versions : [ »

0 : { »

status : affected (string)

version : Windows 10 for 32-bit Systems (string)

}

1 : { »

status : affected (string)

version : Windows 10 for x64-based Systems (string)

}

2 : { »

status : affected (string)

version : Windows 10 Version 1607 for 32-bit Systems (string)

}

3 : { »

status : affected (string)

version : Windows 10 Version 1607 for x64-based Systems (string)

}

4 : { »

status : affected (string)

version : Windows 10 Version 1703 for 32-bit Systems (string)

}

5 : { »

status : affected (string)

version : Windows 10 Version 1703 for x64-based Systems (string)

}

6 : { »

status : affected (string)

version : Windows 10 Version 1709 for 32-bit Systems (string)

}

7 : { »

status : affected (string)

version : Windows 10 Version 1709 for x64-based Systems (string)

}

8 : { »

status : affected (string)

version : Windows 10 Version 1803 for 32-bit Systems (string)

}

9 : { »

status : affected (string)

version : Windows 10 Version 1803 for x64-based Systems (string)

}

10 : { »

status : affected (string)

version : Windows Server 2016 (string)

}

]

}

]

datePublic : 2018-05-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Remote Code Execution (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-05-10T09:57:01 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

name : 104076 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/104076 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178 (string)

}

2 : { »

name : 1040844 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1040844 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2018-8178 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : ChakraCore (string)

version : { »

version_data : [ »

0 : { »

version_value : ChakraCore (string)

}

]

}

1 : { »

product_name : Internet Explorer 11 (string)

version : { »

version_data : [ »

0 : { »

version_value : Windows 10 for 32-bit Systems (string)

}

1 : { »

version_value : Windows 10 for x64-based Systems (string)

}

2 : { »

version_value : Windows 10 Version 1607 for 32-bit Systems (string)

}

3 : { »

version_value : Windows 10 Version 1607 for x64-based Systems (string)

}

4 : { »

version_value : Windows 10 Version 1703 for 32-bit Systems (string)

}

5 : { »

version_value : Windows 10 Version 1703 for x64-based Systems (string)

}

6 : { »

version_value : Windows 10 Version 1709 for 32-bit Systems (string)

}

7 : { »

version_value : Windows 10 Version 1709 for x64-based Systems (string)

}

8 : { »

version_value : Windows 10 Version 1803 for 32-bit Systems (string)

}

9 : { »

version_value : Windows 10 Version 1803 for x64-based Systems (string)

}

10 : { »

version_value : Windows 7 for 32-bit Systems Service Pack 1 (string)

}

11 : { »

version_value : Windows 7 for x64-based Systems Service Pack 1 (string)

}

12 : { »

version_value : Windows 8.1 for 32-bit systems (string)

}

13 : { »

version_value : Windows 8.1 for x64-based systems (string)

}

14 : { »

version_value : Windows RT 8.1 (string)

}

15 : { »

version_value : Windows Server 2008 R2 for x64-based Systems Service Pack 1 (string)

}

16 : { »

version_value : Windows Server 2012 R2 (string)

}

17 : { »

version_value : Windows Server 2016 (string)

}

]

}

2 : { »

product_name : Microsoft Edge (string)

version : { »

version_data : [ »

0 : { »

version_value : Windows 10 for 32-bit Systems (string)

}

1 : { »

version_value : Windows 10 for x64-based Systems (string)

}

2 : { »

version_value : Windows 10 Version 1607 for 32-bit Systems (string)

}

3 : { »

version_value : Windows 10 Version 1607 for x64-based Systems (string)

}

4 : { »

version_value : Windows 10 Version 1703 for 32-bit Systems (string)

}

5 : { »

version_value : Windows 10 Version 1703 for x64-based Systems (string)

}

6 : { »

version_value : Windows 10 Version 1709 for 32-bit Systems (string)

}

7 : { »

version_value : Windows 10 Version 1709 for x64-based Systems (string)

}

8 : { »

version_value : Windows 10 Version 1803 for 32-bit Systems (string)

}

9 : { »

version_value : Windows 10 Version 1803 for x64-based Systems (string)

}

10 : { »

version_value : Windows Server 2016 (string)

}

]

}

]

}

vendor_name : Microsoft (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Remote Code Execution (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 104076 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/104076 (string)

}

1 : { »

name : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178 (string)

refsource : CONFIRM (string)

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178 (string)

}

2 : { »

name : 1040844 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1040844 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T06:46:13.479Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 104076 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/104076 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178 (string)

}

2 : { »

name : 1040844 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1040844 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2018-8178 (string)

datePublished : 2018-05-09T19:00:00 (string)

dateReserved : 2018-03-14T00:00:00 (string)

dateUpdated : 2024-08-05T06:46:13.479Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*", "matchCriteriaId": "53E254E0-526B-4AF5-BC91-5BFB5FC95138", "versionEndIncluding": "1.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que los navegadores de Microsoft gestionan los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Browser Memory Corruption Vulnerability\". Esto afecta a ChakraCore, Internet Explorer 11 y Microsoft Edge."}], "id": "CVE-2018-8178", "lastModified": "2024-11-21T04:13:24.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-09T19:29:02.980", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104076"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040844"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 77D197D7-57FB-4898-8C70-B19D5F0D5BE0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:* (string)

matchCriteriaId : 15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 53E254E0-526B-4AF5-BC91-5BFB5FC95138 (string)

versionEndIncluding : 1.8.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. (string)

}

1 : { »

lang : es (string)

value : Existe una vulnerabilidad de ejecución remota de código debido a la forma en la que los navegadores de Microsoft gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Browser Memory Corruption Vulnerability". Esto afecta a ChakraCore, Internet Explorer 11 y Microsoft Edge. (string)

}

]

id : CVE-2018-8178 (string)

lastModified : 2024-11-21T04:13:24.730 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : HIGH (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.6 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:H/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 4.9 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-05-09T19:29:02.980 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/104076 (string)

}

1 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1040844 (string)

}

2 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/104076 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1040844 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object