CVE-2018-0780

Опубликовано: 04 янв. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 2.6

EPSS Высокий

Описание

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.

Ссылки

http://www.securityfocus.com/bid/102389
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040100
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0780
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/43720/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/102389
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040100
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0780
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/43720/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*

Версия до 1.7.6 (исключая)

EPSS

Процентиль: 99%

0.72893

Высокий

5.3 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-0780

CVSS3: 4.2

msrc

больше 7 лет назад

Chakra Scripting Engine Memory Corruption Vulnerability

GHSA-h993-2hv4-q866