CVE-2018-8631

HIGH

Internet Explorer < - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8631. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits an out-of-bounds write vulnerability in jscript.dll's JsArrayFunctionHeapSort function via Internet Explorer. The exploit triggers a heap overflow by manipulating the prototype of an arguments object during array sorting.

Description

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/46001

This PoC exploits an out-of-bounds write vulnerability in jscript.dll's JsArrayFunctionHeapSort function via Internet Explorer. The exploit triggers a heap overflow by manipulating the prototype of an arguments object during array sorting.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer (jscript.dll)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106118
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46001/

Scores

CVSS v3 7.5
EPSS 0.7840
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (3)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Dec 12, 2018
Tracked Since Feb 18, 2026