CVE-2018-1023 : A remote code execution vulnerability exists in the way that Microsoft browsers

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore.

Published 2018-04-12 01:29:10

Updated 2020-08-24 17:37:01

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2018-1023

Microsoft » Edge » Version: N/A
cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1511
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 10 » Version: 1703
When used together with: Microsoft » Windows 10 » Version: 1709
When used together with: Microsoft » Windows Server 2016 » Version: N/A
Microsoft » Chakracore » Version: N/A
cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1511
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 10 » Version: 1703
When used together with: Microsoft » Windows 10 » Version: 1709
When used together with: Microsoft » Windows Server 2016 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-1023

EPSS FAQ

9.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1023

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-1023

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1023

http://www.securityfocus.com/bid/103606

Microsoft Edge CVE-2018-1023 Remote Memory Corruption Vulnerability
Third Party Advisory;VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1023

CVE-2018-1023 | Microsoft Browser Memory Corruption Vulnerability
Patch;Vendor Advisory
http://www.securitytracker.com/id/1040650

Microsoft Edge Multiple Object Memory Handling Errors Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-1023

Products affected by CVE-2018-1023

Exploit prediction scoring system (EPSS) score for CVE-2018-1023

CVSS scores for CVE-2018-1023

CWE ids for CVE-2018-1023

References for CVE-2018-1023