CVE-2018-0949

Опубликовано: 10 июл. 2018

Источник: msrc

CVSS3: 2.4

EPSS Средний

Описание

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how affected Microsoft Internet Explorer handles requests involving UNC resources.

Обновления

Продукт	Статья	Обновление
Internet Explorer 10 on Windows Server 2012	4338830 4339093 4338816 4345425	Monthly Rollup IE Cumulative Preview Rollup Standalone
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2	4339093	IE Cumulative
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2	4339093	IE Cumulative
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1	4339093 4338818 4338821 4345459	IE Cumulative Monthly Rollup Preview Rollup Standalone
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1	4339093 4338818 4338821 4345459	IE Cumulative Monthly Rollup Preview Rollup Standalone
Internet Explorer 11 on Windows 8.1 for 32-bit systems	4339093 4338815 4338831 4345424	IE Cumulative Monthly Rollup Preview Rollup Standalone
Internet Explorer 11 on Windows 8.1 for x64-based systems	4339093 4338815 4338831 4345424	IE Cumulative Monthly Rollup Preview Rollup Standalone
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	4339093 4338818 4338821 4345459	IE Cumulative Monthly Rollup Preview Rollup Standalone
Internet Explorer 11 on Windows Server 2012 R2	4339093 4338815 4338831 4345424	IE Cumulative Monthly Rollup Preview Rollup Standalone
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems	4338826 4345419	Security Update Alternate Cumulative

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

Older Software Release

Exploitation More Likely

EPSS

Процентиль: 96%

0.22314

Средний

2.4 Low

CVSS3

Связанные уязвимости

CVE-2018-0949

CVSS3: 6.5

nvd

почти 7 лет назад

A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

GHSA-cf5q-23qm-9wq6