CVE-2018-8315

Опубликовано: 11 сент. 2018

Источник: msrc

CVSS3: 4.2

EPSS Низкий

Описание

Microsoft Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types.

An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the vulnerability to obtain privileged information from the browser process, such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site.

The security update addresses the vulnerability by correcting how the browser scripting engine handles object types.

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Обновления

Продукт	Статья	Обновление
ChakraCore		Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems	4457138	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems	4457138	Security Update
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems	4457138	Security Update
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems	4457138	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems	4457128	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems	4457128	Security Update
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems	4457128	Security Update
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems	4457128	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems	4457142	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

DOS

N/A

EPSS

Процентиль: 72%

0.00749

Низкий

4.2 Medium

CVSS3

Связанные уязвимости

CVE-2018-8315

CVSS3: 4.2

nvd

почти 7 лет назад

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

GHSA-93c7-2942-3h47

CVSS3: 4.2

github

больше 3 лет назад

ChakraCore information disclosure vulnerability

BDU:2018-01115

CVSS3: 4.2

fstec

почти 7 лет назад

Уязвимость обработчика JavaScript-сценариев ChakraCore браузеров Microsoft Edge и Internet Explorer, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 72%

0.00749

Низкий

4.2 Medium

CVSS3