Main Vulnerability Database Vulnerabilities #VU12485

#VU12485 Information disclosure in Microsoft Edge - CVE-2018-8145

Published: May 8, 2018 / Updated: May 8, 2018

Vulnerability identifier: #VU12485

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8145

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Edge

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper disclosure of the contents of its memory by Chakra. A remote attacker with knowledge of the memory address of where the object was created can gain access to potentially sensitive information that can be used to conduct further attacks.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145

#VU12485 Information disclosure in Microsoft Edge - CVE-2018-8145

Description

Remediation

External links

Please verify you're human