VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-hp26-tbjy-fqdn

Essentials
Severities (19)
References (16)
Severity details (18)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-hp26-tbjy-fqdn
Aliases	CVE-2018-8291 GHSA-j67m-wpv6-pv44
Summary	Access of Resource Using Incompatible Type ('Type Confusion') A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-843	Access of Resource Using Incompatible Type ('Type Confusion')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.76284	https://api.first.org/data/v1/epss?cve=CVE-2018-8291
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore/commit/c322694178ece209b0aa73eafd97a036def86eb1
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore/commit/c322694178ece209b0aa73eafd97a036def86eb1
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore/pull/5444
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore/pull/5444
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2018-8291
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2018-8291
cvssv3.1	7.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291
generic_textual	HIGH	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291
cvssv3.1	7.5	https://web.archive.org/web/20210124183732/http://www.securityfocus.com/bid/104637
generic_textual	HIGH	https://web.archive.org/web/20210124183732/http://www.securityfocus.com/bid/104637
cvssv3.1	7.5	https://web.archive.org/web/20210515050150/http://www.securitytracker.com/id/1041258
generic_textual	HIGH	https://web.archive.org/web/20210515050150/http://www.securitytracker.com/id/1041258
cvssv3.1	7.5	https://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256
generic_textual	HIGH	https://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256
cvssv3.1	7.5	https://www.exploit-db.com/exploits/45215
generic_textual	HIGH	https://www.exploit-db.com/exploits/45215

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2018-8291
		https://github.com/chakra-core/ChakraCore
		https://github.com/chakra-core/ChakraCore/commit/c322694178ece209b0aa73eafd97a036def86eb1
		https://github.com/chakra-core/ChakraCore/pull/5444
		https://web.archive.org/web/20210124183732/http://www.securityfocus.com/bid/104637
		https://web.archive.org/web/20210515050150/http://www.securitytracker.com/id/1041258
		https://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256
		https://www.exploit-db.com/exploits/45215
		https://www.exploit-db.com/exploits/45215/
		http://www.securityfocus.com/bid/104637
		http://www.securitytracker.com/id/1041256
		http://www.securitytracker.com/id/1041258
CVE-2018-8291	Exploit	https://bugs.chromium.org/p/project-zero/issues/detail?id=1576
CVE-2018-8291	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/45215.js
CVE-2018-8291		https://nvd.nist.gov/vuln/detail/CVE-2018-8291
CVE-2018-8291		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291

Data source	Exploit-DB
Date added	Aug. 17, 2018
Description	Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
Ransomware campaign use	Known
Source publication date	Aug. 17, 2018
Exploit type	dos
Platform	windows
Source update date	Aug. 17, 2018
Source URL	https://bugs.chromium.org/p/project-zero/issues/detail?id=1576

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/commit/c322694178ece209b0aa73eafd97a036def86eb1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/pull/5444

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8291

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210124183732/http://www.securityfocus.com/bid/104637

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210515050150/http://www.securitytracker.com/id/1041258

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/45215

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.98949
EPSS Score	0.76284
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:38:00.328281+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2018-8291.yml	38.6.0