CyberSec.Space Logo
Back to CVE Browser

CVE-2018-8298

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score66.7610%
EPSS Percentile88.27th
PublishedJul 11, 2018
Last ModifiedOct 28, 2025

Vulnerability Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Chakracore

< 1.10.1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/104639
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298
πŸ”— https://www.exploit-db.com/exploits/45217/
πŸ”— http://www.securityfocus.com/bid/104639
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298
πŸ”— https://www.exploit-db.com/exploits/45217/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8298

Related Vulnerabilities

CVE-2017-117679.8

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engin...

CVE-2018-85009.8

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scrip...

CVE-2020-10738.1

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scrip...

CVE-2019-05687.5

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Ed...