Microsoft Edge Scripting Engine CVE-2018-0951 Remote Memory Corruption Vulnerability

Bugtraq ID:	103983
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-0951
Remote:	Yes
Local:	No
Published:	May 08 2018 12:00AM
Updated:	May 08 2018 12:00AM
Credit:	Yuki Chen of Qihoo 360 Vulcan Team
Vulnerable:	Microsoft Edge 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 Version 1803 for 32-bit Systems 0 + Microsoft Windows 10 Version 1803 for 32-bit Systems 0 + Microsoft Windows 10 Version 1803 for x64-based Systems 0 + Microsoft Windows 10 Version 1803 for x64-based Systems 0 + Microsoft Windows Server 2016 0 + Microsoft Windows Server 2016 0 + Microsoft Windows Server 2016 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0
Not Vulnerable:

Microsoft Edge Scripting Engine CVE-2018-0951 Remote Memory Corruption Vulnerability

Microsoft Edge is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Microsoft Edge Scripting Engine CVE-2018-0951 Remote Memory Corruption Vulnerability

References:

• ChakraCore Product Page (Microsoft)
  
• Microsoft Homepage (Microsoft)
  
• CVE-2018-0951 | Scripting Engine Memory Corruption Vulnerability (Microsoft)