PT-2018-9128 · Microsoft · Windows 8.1+9

Ivan Fratric

Published

2018-03-13

Updated

2020-08-24

CVE-2018-0891

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ChakraCore versions (affected versions not specified) Internet Explorer versions (affected versions not specified) Microsoft Edge versions (affected versions not specified) Microsoft Windows 7 SP1 Microsoft Windows Server 2008 and R2 SP1 Microsoft Windows 8.1 and Windows RT 8.1 Microsoft Windows Server 2012 and R2 Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709 Microsoft Windows Server 2016

Description: An information disclosure issue exists due to how the scripting engine handles objects in memory. This could allow an attacker to obtain information to further compromise the user's system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CVE-2018-0891

Affected Products

Chakracore

Edge

Internet Explorer

Windows 10

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2012

Windows Server 2016

PT-2018-9128 · Microsoft · Windows 8.1+9

CVE-2018-0891

Weakness Enumeration

Related Identifiers

Affected Products

References · 8