A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 25, 2022.

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Microsoft
  • Internet Explorer
  • Windows 10 1507
  • Windows 10 1607
  • Windows 10 1703
  • Windows 10 1709
  • Windows 10 1803
  • Windows 7
  • Windows 8.1
  • Windows Rt 8.1
  • Windows Server 2008
  • Windows Server 2012
  • Windows Server 2016

Configuration 1 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

No data.

References
Link Providers
http://www.securityfocus.com/bid/105037 cve-icon cve-icon
http://www.securitytracker.com/id/1041483 cve-icon cve-icon
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373 cve-icon cve-icon
History

Tue, 10 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-03-25'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 08 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 10 1507
Microsoft windows 10 1607
Microsoft windows 10 1703
Microsoft windows 10 1709
Microsoft windows 10 1803
CPEs cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*		 cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*
Vendors & Products Microsoft windows 10
Microsoft windows 10 1507
Microsoft windows 10 1607
Microsoft windows 10 1703
Microsoft windows 10 1709
Microsoft windows 10 1803
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Fri, 07 Feb 2025 17:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2018-08-15T17:00:00.000Z

Updated: 2025-06-10T16:47:58.986Z

Reserved: 2018-03-14T00:00:00.000Z

Link: CVE-2018-8373

cve-icon Vulnrichment

Updated: 2024-08-05T06:54:36.210Z

cve-icon NVD

Status : Analyzed

Published: 2018-08-15T17:29:06.673

Modified: 2025-04-08T15:50:02.530

Link: CVE-2018-8373

cve-icon Redhat

No data.