CVE-2018-8452

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Chakracore; Internet Explorer 11; Microsoft Edge
Vendor: CVE Published:; 13 September 2018

Summary

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 11 Windows 10 for 32-bit Systems

Internet Explorer 11 Windows 10 for x64-based Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105252

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1041623

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2018
Vulnerability Reserved
Mar 14, 2018

Collectors

NVD DatabaseMitre Database