Main Vulnerability Database Vulnerabilities #VU12485

Information disclosure in Microsoft Edge - CVE-2018-8145

Published: May 8, 2018 / Updated: May 8, 2018

Vulnerability identifier: #VU12485

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8145

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper disclosure of the contents of its memory by Chakra. A remote attacker with knowledge of the memory address of where the object was created can gain access to potentially sensitive information that can be used to conduct further attacks.

How to mitigate CVE-2018-8145

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145

Information disclosure in Microsoft Edge - CVE-2018-8145

Detailed vulnerability description

How to mitigate CVE-2018-8145

Sources

Please verify you're human