CVE-2018-0835 : Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

Published 2018-02-15 02:29:02

Updated 2020-08-24 17:37:01

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2018-0835

Microsoft » Edge » Version: N/A
cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1511
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 10 » Version: 1703
When used together with: Microsoft » Windows 10 » Version: 1709
When used together with: Microsoft » Windows Server 2016 » Version: N/A
Microsoft » Chakracore » Version: N/A
cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1511
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 10 » Version: 1703
When used together with: Microsoft » Windows 10 » Version: 1709
When used together with: Microsoft » Windows Server 2016 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-0835

EPSS FAQ

79.83%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0835

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-0835

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-0835

https://www.exploit-db.com/exploits/44079/

Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion
Exploit;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/102874

Microsoft Edge Scripting Engine CVE-2018-0835 Remote Memory Corruption Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1040372

Microsoft Edge Multiple Bugs Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0835

CVE-2018-0835 | Scripting Engine Memory Corruption Vulnerability
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-0835

Products affected by CVE-2018-0835

Exploit prediction scoring system (EPSS) score for CVE-2018-0835

CVSS scores for CVE-2018-0835

CWE ids for CVE-2018-0835

References for CVE-2018-0835