Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-1025

Опубликовано: 08 мая 2018
Источник: msrc
CVSS3: 4.3
EPSS Низкий

Описание

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows Server 2016
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation More Likely

Older Software Release

N/A

DOS

N/A

EPSS

Процентиль: 89%
0.05133
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.3
nvd
около 7 лет назад

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.

CVSS3: 4.3
github
около 3 лет назад

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.

EPSS

Процентиль: 89%
0.05133
Низкий

4.3 Medium

CVSS3