Vulnerabilities > CVE-2018-8298 - Type Confusion vulnerability in Microsoft Chakracore
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion. CVE-2018-8298. Dos exploit for Windows platform. Tags: Type C... |
| file | exploits/windows/dos/45217.js |
| id | EDB-ID:45217 |
| last seen | 2018-08-17 |
| modified | 2018-08-17 |
| platform | windows |
| port | |
| published | 2018-08-17 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45217/ |
| title | Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion |
| type | dos |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148985/GS20180817193510.txt |
| id | PACKETSTORM:148985 |
| last seen | 2018-08-18 |
| published | 2018-08-17 |
| reporter | Google Security Research |
| source | https://packetstormsecurity.com/files/148985/Microsoft-Edge-Chakra-InitializeNumberFormat-InitializeDateTimeFormat-Type-Confusion.html |
| title | Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion |
The Hacker News
| id | THN:482268607F3476C1920BBF880270C854 |
| last seen | 2018-07-10 |
| modified | 2018-07-10 |
| published | 2018-07-10 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2018/07/microsoft-security-patch-update.html |
| title | Microsoft Releases Patch Updates for 53 Vulnerabilities In Its Software |