HTTP: Microsoft Edge and Internet Explorer Chakra CVE-2018-8145 Heap Buffer Overflow
This signature detects attempt to exploit a heap buffer overflow vulnerability which has been reported in Microsoft Edge's and Microsoft Internet Explorer's Chakra JavaScript Engine. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.
Extended Description
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
Affected Products
Microsoft chakracore
Short Name
HTTP:STC:CVE-2018-8145-BOF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2018-8145 Chakra Edge Explorer Heap Internet Microsoft Overflow and bid:103986
Release Date
09/11/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3792
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.6