Is CVE-2018-0860 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Corporation Edge, Chakracore

CVE-2018-0860

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…

EPSS: 0.793 (99.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Corporation Edge, Chakracore — versions Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Public proof-of-concept exploits

References

44076 (exploit, x_refsource_EXPLOIT-DB)
102883 (vdb-entry, x_refsource_BID)
1040372 (vdb-entry, x_refsource_SECTRACK)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-0860?: CVE-2018-0860 is a vulnerability in Microsoft Corporation Edge, Chakracore. Published 2018-02-15.
Is CVE-2018-0860 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.