CVE-2018-8625

HIGH

Internet Explorer 9, 10, 11 - Remote Code Execution via VBScript Engine Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8625. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup describes a use-after-free vulnerability in Microsoft VBScript (CVE-2018-8625) caused by a reference leak in the `VbsErase` function. The exploit involves manipulating reference counts via user-defined callbacks to overflow a 32-bit counter, potentially leading to remote code execution.

Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/46022

View Code ZIP pw:eip

The writeup describes a use-after-free vulnerability in Microsoft VBScript (CVE-2018-8625) caused by a reference leak in the `VbsErase` function. The exploit involves manipulating reference counts via user-defined callbacks to overflow a 32-bit counter, potentially leading to remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Microsoft VBScript (Internet Explorer)

No auth needed

Prerequisites: Target running Internet Explorer with VBScript enabled · Ability to deliver malicious script to victim

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106122

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46022/

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8625

Scores

CVSS v3 7.5

EPSS 0.4376

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (3)

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Dec 12, 2018

Tracked Since Feb 18, 2026