| Severity | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE ID | CVE-2018-8643 CVE-2018-8631 CVE-2018-8619 CVE-2018-8625 |
| CVSSv3 |
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] |
| CWE ID |
CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Microsoft Internet Explorer |
| Vulnerable software versions |
Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
| Vendor URL | Microsoft |
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when the scripting engine handles objects in memory in Internet Explorer. A remote attacker can create a specially website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
RemediationInstall updates from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8643
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when Internet Explorer improperly accesses objects in memory. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
RemediationInstall updates from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8631
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
RemediationInstall updates from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8619
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when the VBScript engine handles objects in memory. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
RemediationInstall updates from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8625