CVE-2018-0767

Опубликовано: 04 янв. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 2.6

EPSS Высокий

Описание

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.

Ссылки

http://www.securityfocus.com/bid/102393
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040100
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0767
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/43522/
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/102393
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040100
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0767
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/43522/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*

Версия до 1.7.6 (исключая)

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.72893

Высокий

5.3 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-0767

CVSS3: 4.3

msrc

больше 7 лет назад

Microsoft Edge Memory Corruption Vulnerability

GHSA-r43h-hxcp-5rhh