Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-0998

Опубликовано: 10 апр. 2018
Источник: msrc
CVSS3: 4.3
EPSS Низкий

Описание

Microsoft Edge PDF Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
4093107
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
4093107
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems
4093112
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems
4093112
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems
4093119
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems
4093119
Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2016
4093119
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

DOS

N/A

EPSS

Процентиль: 91%
0.06705
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-0998

CVSS3: 4.3
nvd
около 7 лет назад

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.

github логотип

GHSA-rpc6-p2hj-p63g

CVSS3: 4.3
github
около 3 лет назад

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.

EPSS

Процентиль: 91%
0.06705
Низкий

4.3 Medium

CVSS3