CVE-2018-0766 — Sensitive Information Exposure in Corporation Microsoft Edge

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

12.8%

top 5.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Edge

Timeline

PublishedJan 4

Latest updateMay 14

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft_corporation/microsoft_edgeMicrosoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v97w-2r58-2wrr: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compr↗2022-05-14

▶

CVEList

CVE-2018-0766: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compr↗2018-01-04

▶

📋Vendor Advisories

Microsoft

Microsoft Edge PDF Information Disclosure Vulnerability↗2018-01-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶