CVE-2018-8373

CVE Database · CVE-2018-8373

CVE-2018-8373

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

61.91%

Published

Aug 15, 2018

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (21)

microsoft · internet_explorervulnerable

microsoft · windows_10_1507

microsoft · windows_10_1607

microsoft · windows_10_1703

microsoft · windows_10_1709

microsoft · windows_10_1803

microsoft · windows_7