CVE-2018-8145

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Internet Explorer 11; Microsoft Edge; Internet Explorer 10
Vendor: CVE Published:; 9 May 2018

Summary

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 10 Windows Server 2012

Internet Explorer 11 Windows 10 for 32-bit Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/45011/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/103986

vdb-entryx_refsource_BID

EPSS Score

90% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2018
Vulnerability Reserved
Mar 14, 2018

Collectors

NVD DatabaseMitre Database