CVE-2018-8653
CVE-2018-8653
In short
Internet Explorer's scripting engine incorrectly handles objects in memory, allowing an attacker to execute arbitrary code remotely by crafting a malicious webpage. This is a critical flaw because it bypasses the browser's security protections.
Technical detail
Memory corruption vulnerability in the scripting engine of IE 9, 10, and 11 enables remote code execution when a user visits a malicious webpage containing crafted objects. The attack requires user interaction (visiting the webpage) and succeeds due to improper memory handling in object processing, leading to full system compromise.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11Microsoft · Internet Explorer 9Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →