CVE-2018-8470

Опубликовано: 13 сент. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.

Ссылки

http://www.securityfocus.com/bid/105267
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041632
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8470
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105267
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041632
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8470
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*

cpe:2.3:o:microsoft:windows_server:2008:r2:sp1:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server:2012:r2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server:2016:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.0081

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-8470

CVSS3: 4.3

msrc

больше 7 лет назад

Internet Explorer Security Feature Bypass Vulnerability

GHSA-pqxg-g3hm-5j49