What is CVE-2018-0770?

CVE-2018-0770 is a vulnerability in Microsoft Corporation Edge. Published 2018-01-04.

Is CVE-2018-0770 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Corporation Edge

CVE-2018-0770

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting E…

EPSS: 0.778 (99.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Corporation Edge — versions Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Public proof-of-concept exploits

References

44075 (exploit, x_refsource_EXPLOIT-DB)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0770 (x_refsource_CONFIRM)
1040100 (vdb-entry, x_refsource_SECTRACK)
102397 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-0770?: CVE-2018-0770 is a vulnerability in Microsoft Corporation Edge. Published 2018-01-04.
Is CVE-2018-0770 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.