Information Disclosure Vulnerability in Microsoft Browsers and Scripting Engine
CVE-2018-8315

4.2MEDIUM

Key Information:

Vendor

Microsoft
Status
Chakracore
Internet Explorer 11
Microsoft Edge
Internet Explorer 10
Vendor
CVE Published:
13 September 2018

What is CVE-2018-8315?

An information disclosure vulnerability occurs when the browser scripting engine improperly handles object types. This can lead to exposure of sensitive information to unauthorized users. The issue affects multiple versions of Microsoft’s browsers, including Internet Explorer 11, Internet Explorer 10, and Microsoft Edge, alongside the ChakraCore scripting engine. Attackers may exploit this vulnerability through crafted web content, potentially giving them access to information intended to be kept secure.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 10 Windows Server 2012

Internet Explorer 11 Windows 10 for 32-bit Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105251
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041623
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.