BROWSER-IE Microsoft Edge empty prototype use-after-free attempt
This event is generated when a crafted web page designed to exploit Microsoft Edge traverses the network.
Attempted User Privilege Gain
CVSS base score 7.5
CVSS impact score 5.9
CVSS exploitability score 1.6
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
A type confusion vulnerability is found in Edge. This vulnerability can be exploited to achieve remote code execution.
CVE-2018-8459: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457.
- microsoft chakracore 1.10.1
- microsoft edge -
Ease of attack
- Cisco's Talos Intelligence Group