Vulnerabilities > CVE-2018-8298 - Type Confusion vulnerability in Microsoft Chakracore

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
microsoft
CWE-843
exploit available

Summary

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.

Exploit-Db

descriptionMicrosoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion. CVE-2018-8298. Dos exploit for Windows platform. Tags: Type C...
fileexploits/windows/dos/45217.js
idEDB-ID:45217
last seen2018-08-17
modified2018-08-17
platformwindows
port
published2018-08-17
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45217/
titleMicrosoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion
typedos

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148985/GS20180817193510.txt
idPACKETSTORM:148985
last seen2018-08-18
published2018-08-17
reporterGoogle Security Research
sourcehttps://packetstormsecurity.com/files/148985/Microsoft-Edge-Chakra-InitializeNumberFormat-InitializeDateTimeFormat-Type-Confusion.html
titleMicrosoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion

The Hacker News

idTHN:482268607F3476C1920BBF880270C854
last seen2018-07-10
modified2018-07-10
published2018-07-10
reporterThe Hacker News
sourcehttps://thehackernews.com/2018/07/microsoft-security-patch-update.html
titleMicrosoft Releases Patch Updates for 53 Vulnerabilities In Its Software