Information Disclosure Vulnerability in Chakra Scripting Engine Affects Microsoft Products
CVE-2018-8145

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Chakracore
Internet Explorer 11
Microsoft Edge
Internet Explorer 10
Vendor
CVE Published:
9 May 2018

Summary

An information disclosure vulnerability exists in the Chakra Scripting Engine due to improper memory management. This flaw may allow attackers to extract sensitive information from memory, potentially leading to further exploitation of the user's system or data compromise. Affected products include ChakraCore, Internet Explorer 11, Microsoft Edge, and Internet Explorer 10, putting users at risk of unauthorized access to their personal and sensitive data.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 10 Windows Server 2012

Internet Explorer 11 Windows 10 for 32-bit Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/45011/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/103986
vdb-entryx_refsource_BID

EPSS Score

88% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.