Is CVE-2018-0891 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Corporation Chakracore, Edge, Internet Explorer

CVE-2018-0891

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709…

EPSS: 0.566 (98.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Corporation Chakracore, Edge, Internet Explorer — versions Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Public proof-of-concept exploits

References

103309 (vdb-entry, x_refsource_BID)
44312 (exploit, x_refsource_EXPLOIT-DB)
1040507 (vdb-entry, x_refsource_SECTRACK)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-0891?: CVE-2018-0891 is a vulnerability in Microsoft Corporation Chakracore, Edge, Internet Explorer. Published 2018-03-14.
Is CVE-2018-0891 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.