CVE-2018-8351 — Inclusion of Functionality from Untrusted Control Sphere in Microsoft Internet Explorer 10

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

14.7%

top 5.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Edge +1 more

Timeline

PublishedAug 15

Latest updateMay 13

Description

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDmicrosoft/internet_explorer10, 11+1

▶CVEListV5microsoft/internet_explorer_10Windows Server 2012

▶CVEListV5microsoft/internet_explorer_1118 versions+17

▶CVEListV5microsoft/microsoft_edge4 versions+3

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r293-h3gq-5mmr: An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Infor↗2022-05-13

▶

CVEList

CVE-2018-8351: An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Infor↗2018-08-15

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Information Disclosure Vulnerability↗2018-08-14

▶