CVE-2018-0933

Scores

EPSS

0.770medium77.0%

0%20%40%60%80%100%

Percentile: 77.0%

CVSS

7.5high3.x

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x

7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Description

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

msrcnvd

CWEs

CWE-787

Related Vulnerabilities

BDU:2018-00560

Exploits

Exploit ID: 44396

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44396

Vulnerable Software (8)

Type: Configuration

Vendor: microsoft

Product: chakracore

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",      "versionEndExcluding": "1.8.2",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: microsoft

Product: edge

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    }, ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Windows KB

Vendor: Microsoft

Product: Windows

Version: 14393.2125

Operating System: Windows 14393 build 2125

Identifier: KB4088787

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Version: 10586.1478

Operating System: Windows 10586 build 1478

Identifier: KB4088779

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Version: 10586.1540

Operating System: Windows 10586 build 1540

Identifier: KB4093109

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Version: 10240.17797

Operating System: Windows 10240 build 17797

Identifier: KB4088786

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Version: 16299.309

Operating System: Windows 16299 build 309

Identifier: KB4088776

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Version: 15063.966

Operating System: Windows 15063 build 966

Identifier: KB4088782

Source: msrc

Russian Vulnerability Scanner Database

CVE-2018-0933

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (8)