CVE-2018-0954

HIGH

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

References

http://www.securityfocus.com/bid/103991

http://www.securitytracker.com/id/1040844

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0954

Details

Source: MITRE

Published: 2018-05-09

Updated: 2020-08-24

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
109613Security Updates for Internet Explorer (May 2018)NessusWindows : Microsoft Bulletins
high
109611KB4103731: Windows 10 Version 1703 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109610KB4103726: Windows Server 2012 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109608KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109607KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109606KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109605KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109604KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109603KB4103716: Windows 10 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high