Information Disclosure Vulnerability in Microsoft Browsers and Scripting Engine
CVE-2018-8315

4.2MEDIUM

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
13 September 2018

What is CVE-2018-8315?

An information disclosure vulnerability occurs when the browser scripting engine improperly handles object types. This can lead to exposure of sensitive information to unauthorized users. The issue affects multiple versions of Microsoft’s browsers, including Internet Explorer 11, Internet Explorer 10, and Microsoft Edge, alongside the ChakraCore scripting engine. Attackers may exploit this vulnerability through crafted web content, potentially giving them access to information intended to be kept secure.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 10 Windows Server 2012

Internet Explorer 11 Windows 10 for 32-bit Systems

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.