4.3

CVE-2018-0891

Exploit
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Updatesp2
MicrosoftEdge
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1511
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows Server 2016
MicrosoftInternet Explorer Version11
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1511
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows Server 2016
MicrosoftInternet Explorer Version11
   MicrosoftWindows 7 Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012 Versionr2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.74% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://www.securitytracker.com/id/1040507
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/103309
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/44312/
Third Party Advisory
Exploit
VDB Entry