CVE-2018-0891

Published Mar 14, 2018

Last updated 3 days ago

Overview

Description
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.
Source
secure@microsoft.com
NVD status
Modified

Risk scores

CVSS 3.0

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-401

Social media

Hype score
Not currently trending

Configurations