CVE-2018-8315

4.2MEDIUM

Key Information:

Vendor: Microsoft
Status: Chakracore; Internet Explorer 11; Microsoft Edge; Internet Explorer 10
Vendor: CVE Published:; 13 September 2018

Summary

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 10 Windows Server 2012

Internet Explorer 11 Windows 10 for 32-bit Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105251

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1041623

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2018
Vulnerability Reserved
Mar 14, 2018

Collectors

NVD DatabaseMitre Database