VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jg9m-x53z-4qe1

Essentials
Severities (15)
References (13)
Severity details (14)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-jg9m-x53z-4qe1
Aliases	CVE-2018-0933 GHSA-3j65-2jcq-w9fr
Summary	Out-of-bounds Write ChakraCore and Microsoft Windows Gold, and Windows Server allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-787	Out-of-bounds Write
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.76952	https://api.first.org/data/v1/epss?cve=CVE-2018-0933
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore/commit/6d5532d867202bc2e1b8b6b8c6f9c1c44a0f5ab8
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore/commit/6d5532d867202bc2e1b8b6b8c6f9c1c44a0f5ab8
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2018-0933
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2018-0933
cvssv3.1	7.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933
generic_textual	HIGH	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933
cvssv3.1	7.5	https://web.archive.org/web/20201021051922/http://www.securitytracker.com/id/1040507
generic_textual	HIGH	https://web.archive.org/web/20201021051922/http://www.securitytracker.com/id/1040507
cvssv3.1	7.5	https://web.archive.org/web/20210124144714/http://www.securityfocus.com/bid/103274
generic_textual	HIGH	https://web.archive.org/web/20210124144714/http://www.securityfocus.com/bid/103274
cvssv3.1	7.5	https://www.exploit-db.com/exploits/44396
generic_textual	HIGH	https://www.exploit-db.com/exploits/44396

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2018-0933
		https://github.com/chakra-core/ChakraCore
		https://github.com/chakra-core/ChakraCore/commit/6d5532d867202bc2e1b8b6b8c6f9c1c44a0f5ab8
		https://web.archive.org/web/20201021051922/http://www.securitytracker.com/id/1040507
		https://web.archive.org/web/20210124144714/http://www.securityfocus.com/bid/103274
		https://www.exploit-db.com/exploits/44396
		https://www.exploit-db.com/exploits/44396/
		http://www.securityfocus.com/bid/103274
		http://www.securitytracker.com/id/1040507
CVE-2018-0933		https://nvd.nist.gov/vuln/detail/CVE-2018-0933
CVE-2018-0933		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933
CVE-2018-0934;CVE-2018-0933	Exploit	https://bugs.chromium.org/p/project-zero/issues/detail?id=1502&desc=2
CVE-2018-0934;CVE-2018-0933	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/44396.js

Data source	Exploit-DB
Date added	April 3, 2018
Description	Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1)
Ransomware campaign use	Known
Source publication date	April 3, 2018
Exploit type	dos
Platform	windows
Source update date	April 4, 2018
Source URL	https://bugs.chromium.org/p/project-zero/issues/detail?id=1502&desc=2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/commit/6d5532d867202bc2e1b8b6b8c6f9c1c44a0f5ab8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-0933

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20201021051922/http://www.securitytracker.com/id/1040507

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210124144714/http://www.securityfocus.com/bid/103274

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/44396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.98978
EPSS Score	0.76952
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:37:35.599187+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2018-0933.yml	38.6.0