Vulnerabilities > CVE-2018-8384 - Type Confusion vulnerability in Microsoft Chakracore

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

microsoft

CWE-843

exploit available

NVD

Published: 2018-08-15

Updated: 2020-08-24

Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Chakracore -	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit-Db

description	Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion. CVE-2018-8384. Dos exploit for Windows platform. Tags: Denial of Service (...
file	exploits/windows/dos/45431.js
id	EDB-ID:45431
last seen	2018-10-07
modified	2018-09-18
platform	windows
port
published	2018-09-18
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45431/
title	Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
type	dos

Packetstorm

data source	https://packetstormsecurity.com/files/download/149414/GS20180918023129.txt
id	PACKETSTORM:149414
last seen	2018-09-18
published	2018-09-18
reporter	Google Security Research
source	https://packetstormsecurity.com/files/149414/Microsoft-Edge-Chakra-PathTypeHandlerBase-SetAttributesHelper-Type-Confusion.html
title	Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References