Vulnerabilities > CVE-2018-8384 - Type Confusion vulnerability in Microsoft Chakracore
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion. CVE-2018-8384. Dos exploit for Windows platform. Tags: Denial of Service (... |
file | exploits/windows/dos/45431.js |
id | EDB-ID:45431 |
last seen | 2018-10-07 |
modified | 2018-09-18 |
platform | windows |
port | |
published | 2018-09-18 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45431/ |
title | Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion |
type | dos |
Packetstorm
data source | https://packetstormsecurity.com/files/download/149414/GS20180918023129.txt |
id | PACKETSTORM:149414 |
last seen | 2018-09-18 |
published | 2018-09-18 |
reporter | Google Security Research |
source | https://packetstormsecurity.com/files/149414/Microsoft-Edge-Chakra-PathTypeHandlerBase-SetAttributesHelper-Type-Confusion.html |
title | Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion |
References
- http://www.securityfocus.com/bid/104981
- http://www.securityfocus.com/bid/104981
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384
- https://www.exploit-db.com/exploits/45431/
- https://www.exploit-db.com/exploits/45431/