Description
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/46022
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106122
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46022/
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8625
Scores
CVSS v3
7.5
EPSS
0.5942
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (3)
microsoft/internet_explorer
9
microsoft/internet_explorer
10
microsoft/internet_explorer
11
Published
Dec 12, 2018
Tracked Since
Feb 18, 2026