cnvd - cnvd-2018-07038

CNVD-2018-07038

Vulnerability from cnvd - Published: 2018-04-04

Title

Microsoft Internet Explorer信息泄露漏洞（CNVD-2018-07038）

Description

Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理内存对象存在安全漏洞，远程攻击者利用漏洞提交特殊的WEB页，诱使用户解析，可获取敏感信息。

Severity

中

Patch Name

Microsoft Internet Explorer信息泄露漏洞（CNVD-2018-07038）的补丁

Patch Description

Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理内存对象存在安全漏洞，远程攻击者利用漏洞提交特殊的WEB页，诱使用户解析，可获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008', 'Microsoft Windows 7 SP1', 'Microsoft Internet Explorer', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Edge', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709']

Name

['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008', 'Microsoft Windows 7 SP1', 'Microsoft Internet Explorer', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Edge', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0891"
    }
  },
  "description": "Microsoft Internet Explorer\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Internet Explorer\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07038",
  "openTime": "2018-04-04",
  "patchDescription": "Microsoft Internet Explorer\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Internet Explorer\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Internet Explorer\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-07038\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Server 2008",
      "Microsoft Windows 7 SP1",
      "Microsoft Internet Explorer",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1",
      "Microsoft Edge",
      "Microsoft Windows 10 Gold",
      "Microsoft Windows 10  1511",
      "Microsoft Windows 10 1607",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-14",
  "title": "Microsoft Internet Explorer\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-07038\uff09"
}

CVE-2018-0891 (GCVE-0-2018-0891)

Vulnerability from cvelistv5 – Published: 2018-03-14 17:00 – Updated: 2024-09-16 20:12

Summary

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/103309	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/44312/	exploitx_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1040507	vdb-entryx_refsource_SECTRACK
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ChakraCore, Microsoft Edge, Internet Explorer	Affected: Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103309",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103309"
          },
          {
            "name": "44312",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44312/"
          },
          {
            "name": "1040507",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040507"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChakraCore, Microsoft Edge, Internet Explorer",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
            }
          ]
        }
      ],
      "datePublic": "2018-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0939."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-22T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "103309",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103309"
        },
        {
          "name": "44312",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44312/"
        },
        {
          "name": "1040507",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040507"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2018-03-14T00:00:00",
          "ID": "CVE-2018-0891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ChakraCore, Microsoft Edge, Internet Explorer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0939."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103309",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103309"
            },
            {
              "name": "44312",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44312/"
            },
            {
              "name": "1040507",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040507"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-0891",
    "datePublished": "2018-03-14T17:00:00Z",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-09-16T20:12:50.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-07038

CVE-2018-0891 (GCVE-0-2018-0891)

Tags

Sightings

Nomenclature