Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-8145

Опубликовано: 08 мая 2018
Источник: msrc
CVSS3: 4.3
EPSS Высокий

Описание

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.

To exploit the vulnerability, an attacker must know the memory address of where the object was created.

The update addresses the vulnerability by changing the way certain functions handle objects in memory.

Обновления

ПродуктСтатьяОбновление
ChakraCore
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems
4103721
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems
4103721
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
4103731
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
4103731
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems
4103727
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems
4103727
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems
4103716
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems
4103716
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems
4103723
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Unlikely

Older Software Release

N/A

EPSS

Процентиль: 99%
0.72843
Высокий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-8145

CVSS3: 7.5
nvd
больше 7 лет назад

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.

github логотип

GHSA-xphq-3x6q-q2qq

CVSS3: 7.5
github
больше 3 лет назад

ChakraCore information disclosure vulnerability

fstec логотип

BDU:2018-00819

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость обработчика JavaScript-сценариев ChakraCore браузеров Internet Explorer и Microsoft Edge позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 99%
0.72843
Высокий

4.3 Medium

CVSS3