CVE-2018-8145

HIGH

Chakra < - Memory Corruption

Title source: llm

Description

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdoswindows

https://www.exploit-db.com/exploits/45011

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103986

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040844

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45011/

Scores

CVSS v3 7.5

EPSS 0.7210

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-200

Status published

Affected Products (5)

microsoft/chakracore < 1.8.3

microsoft/internet_explorer

microsoft/edge

microsoft/internet_explorer

nuget/Microsoft.ChakraCore < 1.8.4NuGet

Timeline

Published May 09, 2018

Tracked Since Feb 18, 2026