HTTP: Microsoft Edge CVE-2018-0874 Chakra Scripting Engine Memory Corruption

This signature detects an attempt to exploit a Memory Corruption vulnerability in Chakra Engine on Microsoft Edge. Successful exploitation could lead to remote code execution.

Extended Description

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.

References

CVE: CVE-2018-0874

Short Name
HTTP:STC:IE:CVE-2018-0874-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-0874 Chakra Corruption Edge Engine Memory Microsoft Scripting
Release Date
03/13/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3415
False Positive
Unknown
CVSS Score

7.6

Found a potential security threat?