CVE-2018-1022
First published: Wed May 09 2018(Updated: )
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/Microsoft.ChakraCore | <1.8.4 | 1.8.4 |
| Microsoft Edge Beta | ||
| Internet Explorer | =11 | |
| ChakraCore | <=1.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2018-1022
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1022
- https://github.com/chakra-core/ChakraCore/commit/28928cba24968ed11022608f466c4ccc3470e64d
- https://web.archive.org/web/20210124164250/http://www.securityfocus.com/bid/103978
- https://web.archive.org/web/20211204185256/http://www.securitytracker.com/id/1040844
- https://github.com/advisories/GHSA-wjmf-6x7g-xq67 (Advisory)
- http://www.securityfocus.com/bid/103978
- http://www.securitytracker.com/id/1040844
Frequently Asked Questions
What is the severity of CVE-2018-1022?
CVE-2018-1022 has a critical severity rating due to its potential for remote code execution.
How do I fix CVE-2018-1022?
To remediate CVE-2018-1022, update your Internet Explorer 11 or Microsoft Edge to the latest version or install the relevant security patch.
Which versions of software are affected by CVE-2018-1022?
CVE-2018-1022 affects Internet Explorer 11, Microsoft Edge, and ChakraCore versions up to 1.8.3.
What types of attacks can exploit CVE-2018-1022?
CVE-2018-1022 can be exploited through malicious web pages that can execute arbitrary code in the context of the user's session.
Are there any workarounds for CVE-2018-1022?
As a workaround for CVE-2018-1022, consider using alternative browsers until the affected software can be updated.
- collector/github-advisory-latest
- alias/GHSA-wjmf-6x7g-xq67
- alias/CVE-2018-1022
- collector/github-advisory
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/nuget
- vendor/microsoft
- canonical/microsoft edge beta
- canonical/internet explorer
- version/internet explorer/11
- canonical/chakracore
- version/chakracore/1.8.3