CVE-2018-8275

HIGH EXPLOITED

Microsoft Edge and ChakraCore - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-8275 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104632
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041256

Scores

CVSS v3 7.5
EPSS 0.1923
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-08-17
CWE
CWE-787
Status published
Products (2)
microsoft/chakracore < 1.10.0
microsoft/edge
Published Jul 11, 2018
Tracked Since Feb 18, 2026