Lucene search
HistoryApr 12, 2018 - 1:29 a.m.
CVE-2018-1023
microsoft
browsers
remote code execution
vulnerability
memory corruption
nvd
cve-2018-1023
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.061 Low
EPSS
Percentile
93.6%
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka âMicrosoft Browser Memory Corruption Vulnerability.â This affects Microsoft Edge, ChakraCore.
Affected configurations
Node
microsoftedgeMatchWindows 10 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1511 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1511 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1607 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1607 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1703 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1703 for x64-based Systems
ORmicrosoftedgeMatchWindows 10 Version 1709 for 32-bit Systems
ORmicrosoftedgeMatchWindows 10 Version 1709 for x64-based Systems
ORmicrosoftedgeMatchWindows Server 2016
ORmicrosoftchakracore
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | edge | Windows 10 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1511 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1511 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1511 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1511 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1607 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1607 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1607 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1607 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1703 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1703 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1703 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1703 for x64-based Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1709 for 32-bit Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1709 for 32-bit Systems:*:*:*:*:*:*:* |
| microsoft | edge | Windows 10 Version 1709 for x64-based Systems | cpe:2.3:a:microsoft:edge:Windows 10 Version 1709 for x64-based Systems:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Microsoft Edge",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1511 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
}
]
},
{
"product": "ChakraCore",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "ChakraCore"
}
]
}
]Related
prion
prion
Remote code execution
2018-04-12 01:29:00
mscve
mscve
Microsoft Browser Memory Corruption Vulnerability
2018-04-10 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Memory Corruption (CVE-2018-1023)
2018-04-10 00:00:00
nvd
nvd
CVE-2018-1023
2018-04-12 01:29:10
symantec
symantec
Microsoft Edge CVE-2018-1023 Remote Memory Corruption Vulnerability
2018-04-10 00:00:00
cvelist
cvelist
CVE-2018-1023
2018-04-12 01:00:00
kaspersky
kaspersky
KLA11222 Multiple vulnerabilities in Microsoft Browsers
2018-04-10 00:00:00
mskb
mskb
April 10, 2018âKB4093109 (OS Build 10586.1540)
2018-04-10 07:00:00
April 10, 2018âKB4093111 (OS Build 10240.17831)
2018-04-10 07:00:00
April 10, 2018âKB4093119 (OS Build 14393.2189)
2018-05-08 07:00:00
nessus
nessus
KB4093109: Windows 10 Version 1511 April 2018 Security Update
2018-04-10 00:00:00
KB4093111: Windows 10 April 2018 Security Update
2018-04-10 00:00:00
KB4093107: Windows 10 Version 1703 April 2018 Security Update
2018-04-10 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4093111)
2018-04-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4093109)
2018-04-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4093107)
2018-04-11 00:00:00
trendmicroblog
trendmicroblog
talosblog
talosblog
Microsoft Patch Tuesday - April 2018
2018-04-10 13:13:00
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.061 Low
EPSS
Percentile
93.6%
Related for CVE-2018-1023