CVSS: 7.6EPSS: 84%CPEs: 16EXPL: 2CVE-2018-8353 – Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
https://notcve.org/view.php?id=CVE-2018-8353
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/45279 https://github.com/whereisr0da/CVE-2018-8353-POC http://www.securityfocus.com/bid/105034 http://www.securitytracker.com/id/1041483 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 27%CPEs: 14EXPL: 0CVE-2018-8316 – Microsoft Office Word Preview Unsafe Hyperlink Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8316
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. Existe una vulnerabilidad de ejecución remota de código cuando Internet Explorer valida incorrectamente hipervínculos antes de cargar librerías ejecutables. Esto también se conoce como "Internet Explorer Remote Code Execution Vulnerability". Esto afecta a Internet Explorer 11 e Internet Explorer 10. • http://www.securityfocus.com/bid/105013 http://www.securitytracker.com/id/1041483 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 14%CPEs: 16EXPL: 0CVE-2018-8371 – Microsoft Windows VBScript Class_Terminate Use After Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8371
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/105035 http://www.securitytracker.com/id/1041483 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8371 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 89%CPEs: 16EXPL: 0CVE-2018-8373 – Microsoft Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2018-8373
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/105037 http://www.securitytracker.com/id/1041483 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 94%CPEs: 20EXPL: 1CVE-2018-8291 – Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
https://notcve.org/view.php?id=CVE-2018-8291
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en los navegadores de Microsoft. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/45215 http://www.securityfocus.com/bid/104637 http://www.securitytracker.com/id/1041256 http://www.securitytracker.com/id/1041258 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •