CVE Database · CVE-2018-8653
CVSS v3.1
7.5
EPSS
29.11%
Published
Dec 20, 2018
Modified
Oct 29, 2025
CISA Known Exploited Vulnerability
Added: 2021-11-03 · Due: 2022-05-03
Apply updates per vendor instructions.
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (18)
References (5)