CVE-2018-8276

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microsoftedge
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1703 (x64, x86)
KB4345419
1709 (x64, x86)
KB4345420
1803 (x64, x86)
KB4345421
References
http://www.securityfocus.com/bid/104626
http://www.securitytracker.com/id/1041256
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276
http://www.securityfocus.com/bid/104626
http://www.securitytracker.com/id/1041256
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276