CVE-2018-8452Sensitive Information Exposure in Microsoft Chakracore

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
11.4%
top 6.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft ChakracoreMicrosoft Internet Explorer 11Microsoft Edge+1 more
Timeline
PublishedSep 13
Latest updateMay 13

Description

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft/internet_explorer_1118 versions+17
CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
ChakraCore information disclosure vulnerability2022-05-13
OSV
ChakraCore information disclosure vulnerability2022-05-13
CVEList
CVE-2018-8452: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Script2018-09-13

📋Vendor Advisories

1
Microsoft
Scripting Engine Information Disclosure Vulnerability2018-09-11
CVE-2018-8452 — Sensitive Information Exposure | cvebase