|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-09-04 | |
| Rule Name: | Microsoft Internet Explorer 11 Js-RegexHelper-RegexReplace Use-After-Free Vulnerability (CVE-2018-0866) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861. | |
| Impact: | A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code. | |
| Affected OS: | Windows, Others | |
| Reference: | SecurityFocusBID:103032 SecurityTrackerID:1040372 ExploitDB:44153 SecurityTrackerID:1040369 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0866 |