Home > Vulnerability Database > CVE-2018-1022

Mend.io Vulnerability Database

CVE-2018-1022

Good to know:

Date: May 9, 2018

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Language: C++

Severity Score

7.5

Related Resources (5)

Url: http://www.securitytracker.com/id/1040844

Url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1022

Url: http://www.securityfocus.com/bid/103978

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1022

Url: https://www.mend.io/vulnerability-database/CVE-2018-1022

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version Microsoft.ChakraCore - 1.8.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1022

Good to know:

Date: May 9, 2018

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?