CVE-2018-0800

Опубликовано: 04 янв. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 4.3

EPSS Средний

Описание

Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.

Ссылки

http://www.securityfocus.com/bid/102392
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040100
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102392
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040100
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*

Версия до 1.7.6 (включая)

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16851

Средний

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-0800

CVSS3: 4.2

msrc

больше 7 лет назад

Chakra Scripting Engine Memory Corruption Vulnerability

GHSA-9hg5-fvv3-p692