CVE-2018-1025 — Sensitive Information Exposure in Microsoft Internet Explorer 11

6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

8.7%

top 7.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer 11 Microsoft Edge Microsoft Internet Explorer

Timeline

PublishedMay 9

Latest updateMay 13

Description

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDmicrosoft/internet_explorer11

▶CVEListV5microsoft/internet_explorer_1118 versions+17

▶CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xph-3pch-mgwr: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Informatio↗2022-05-13

▶

CVEList

CVE-2018-1025: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Informatio↗2018-05-09

▶

💥Exploits & PoCs

Exploit-DB

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)↗2018-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Information Disclosure Vulnerability↗2018-05-08

▶

💬Community

Bugzilla

CVE-2018-8804 ImageMagick: double free in WriteEPTImage function in coders/ept.c↗2018-03-23

▶