CVE-2018-8373

CVSS 7.5 HIGHEPSS 61.9%● KEVCWE-787

In short

A flaw in Internet Explorer's scripting engine allows attackers to run malicious code on your computer when you visit a compromised website. This happens because the browser doesn't properly manage memory when handling scripts.

Technical detail

Memory corruption vulnerability in Internet Explorer's scripting engine (versions 9, 10, 11) allows remote code execution via crafted script content. Exploitation requires user interaction (visiting malicious webpage); successful exploitation grants attacker code execution in the context of the current user.

Summary generated and translated by AI from the official description.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Microsoft · Internet Explorer 10 Microsoft · Internet Explorer 11 Microsoft · Internet Explorer 9

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8373 http://www.securityfocus.com/bid/105037 http://www.securitytracker.com/id/1041483