← back
CVE-2018-8298

CVE-2018-8298

CVSS 7.5 HIGHEPSS 75.3%● KEVCWE-843
In short

A memory corruption flaw in ChakraCore's JavaScript engine allows attackers to run malicious code remotely by crafting specially designed objects that corrupt memory when processed.

Technical detail

CWE-843 type confusion/object memory corruption in ChakraCore's object handling enables remote code execution without authentication. Attack vector is network-based through malicious scripts; exploitation requires the engine to process a crafted object that triggers unsafe memory operations leading to arbitrary code execution.

Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · ChakraCore
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45217/unverifiedexploitdbwww.exploit-db.com/exploits/45217unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8298https://www.exploit-db.com/exploits/45217/http://www.securityfocus.com/bid/104639