cvelistv5 - cve-2018-0800

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040100",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040100"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
          },
          {
            "name": "102392",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102392"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Edge",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Windows 10 1709"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-05T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1040100",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040100"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
        },
        {
          "name": "102392",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102392"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2018-01-03T00:00:00",
          "ID": "CVE-2018-0800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Edge",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Windows 10 1709"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040100",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040100"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
            },
            {
              "name": "102392",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102392"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-0800",
    "datePublished": "2018-01-04T14:00:00Z",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-09-17T00:06:29.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.6\", \"matchCriteriaId\": \"C2E98CD2-F5A5-4B92-9F58-BFE9FA74375F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B14968-3985-43C3-ACE5-8307196EFAE3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \\\"Scripting Engine Information Disclosure Vulnerability\\\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.\"}, {\"lang\": \"es\", \"value\": \"Microsoft Edge en Microsoft Windows 10 1709 permite que un atacante obtenga informaci\\u00f3n para comprometer aun m\\u00e1s la seguridad del sistema del usuario por la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\\u00e9n se conoce como \\\"Scripting Engine Information Disclosure Vulnerability\\\". El ID de este CVE es diferente de CVE-2018-0767 y CVE-2018-0780.\"}]",
      "id": "CVE-2018-0800",
      "lastModified": "2024-11-21T03:38:58.570",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-01-04T14:29:01.440",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102392\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040100\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0800\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-01-04T14:29:01.440\",\"lastModified\":\"2024-11-21T03:38:58.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \\\"Scripting Engine Information Disclosure Vulnerability\\\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.\"},{\"lang\":\"es\",\"value\":\"Microsoft Edge en Microsoft Windows 10 1709 permite que un atacante obtenga informaci\u00f3n para comprometer aun m\u00e1s la seguridad del sistema del usuario por la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Scripting Engine Information Disclosure Vulnerability\\\". El ID de este CVE es diferente de CVE-2018-0767 y CVE-2018-0780.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.6\",\"matchCriteriaId\":\"C2E98CD2-F5A5-4B92-9F58-BFE9FA74375F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102392\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040100\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une exécution de code à distance et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	ChakraCore

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0780"
    },
    {
      "name": "CVE-2018-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0768"
    },
    {
      "name": "CVE-2018-0776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0776"
    },
    {
      "name": "CVE-2018-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0775"
    },
    {
      "name": "CVE-2018-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0772"
    },
    {
      "name": "CVE-2018-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0758"
    },
    {
      "name": "CVE-2018-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0777"
    },
    {
      "name": "CVE-2018-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0781"
    },
    {
      "name": "CVE-2018-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0800"
    },
    {
      "name": "CVE-2018-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0767"
    },
    {
      "name": "CVE-2018-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0769"
    },
    {
      "name": "CVE-2018-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0818"
    },
    {
      "name": "CVE-2018-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0778"
    },
    {
      "name": "CVE-2018-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0762"
    },
    {
      "name": "CVE-2018-0770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0770"
    },
    {
      "name": "CVE-2018-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0774"
    },
    {
      "name": "CVE-2018-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0773"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-024",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une ex\u00e9cution de\ncode \u00e0 distance et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2018-AVI-020

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une élévation de privilèges, une divulgation d'informations et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0780"
    },
    {
      "name": "CVE-2018-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0768"
    },
    {
      "name": "CVE-2018-0776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0776"
    },
    {
      "name": "CVE-2018-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0775"
    },
    {
      "name": "CVE-2018-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0772"
    },
    {
      "name": "CVE-2018-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0758"
    },
    {
      "name": "CVE-2018-0766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0766"
    },
    {
      "name": "CVE-2018-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0777"
    },
    {
      "name": "CVE-2018-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0803"
    },
    {
      "name": "CVE-2018-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0781"
    },
    {
      "name": "CVE-2018-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0800"
    },
    {
      "name": "CVE-2018-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0767"
    },
    {
      "name": "CVE-2018-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0769"
    },
    {
      "name": "CVE-2018-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0778"
    },
    {
      "name": "CVE-2018-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0762"
    },
    {
      "name": "CVE-2018-0770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0770"
    },
    {
      "name": "CVE-2018-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0774"
    },
    {
      "name": "CVE-2018-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0773"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une divulgation d\u0027informations et\nune ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2018-AVI-024

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	ChakraCore

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0780"
    },
    {
      "name": "CVE-2018-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0768"
    },
    {
      "name": "CVE-2018-0776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0776"
    },
    {
      "name": "CVE-2018-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0775"
    },
    {
      "name": "CVE-2018-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0772"
    },
    {
      "name": "CVE-2018-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0758"
    },
    {
      "name": "CVE-2018-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0777"
    },
    {
      "name": "CVE-2018-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0781"
    },
    {
      "name": "CVE-2018-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0800"
    },
    {
      "name": "CVE-2018-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0767"
    },
    {
      "name": "CVE-2018-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0769"
    },
    {
      "name": "CVE-2018-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0818"
    },
    {
      "name": "CVE-2018-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0778"
    },
    {
      "name": "CVE-2018-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0762"
    },
    {
      "name": "CVE-2018-0770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0770"
    },
    {
      "name": "CVE-2018-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0774"
    },
    {
      "name": "CVE-2018-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0773"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-024",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une ex\u00e9cution de\ncode \u00e0 distance et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2018-AVI-020

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0780"
    },
    {
      "name": "CVE-2018-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0768"
    },
    {
      "name": "CVE-2018-0776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0776"
    },
    {
      "name": "CVE-2018-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0775"
    },
    {
      "name": "CVE-2018-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0772"
    },
    {
      "name": "CVE-2018-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0758"
    },
    {
      "name": "CVE-2018-0766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0766"
    },
    {
      "name": "CVE-2018-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0777"
    },
    {
      "name": "CVE-2018-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0803"
    },
    {
      "name": "CVE-2018-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0781"
    },
    {
      "name": "CVE-2018-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0800"
    },
    {
      "name": "CVE-2018-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0767"
    },
    {
      "name": "CVE-2018-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0769"
    },
    {
      "name": "CVE-2018-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0778"
    },
    {
      "name": "CVE-2018-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0762"
    },
    {
      "name": "CVE-2018-0770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0770"
    },
    {
      "name": "CVE-2018-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0774"
    },
    {
      "name": "CVE-2018-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0773"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une divulgation d\u0027informations et\nune ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

GHSA-9HG5-FVV3-P692

Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2022-05-14 03:49

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-04T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.",
  "id": "GHSA-9hg5-fvv3-p692",
  "modified": "2022-05-14T03:49:57Z",
  "published": "2022-05-14T03:49:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0800"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102392"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-0800

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0800

Aliases

CVE-2018-0800

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0800",
    "description": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.",
    "id": "GSD-2018-0800"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0800"
      ],
      "details": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.",
      "id": "GSD-2018-0800",
      "modified": "2023-12-13T01:22:24.829450Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2018-01-03T00:00:00",
        "ID": "CVE-2018-0800",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Edge",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft Windows 10 1709"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040100",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040100"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
          },
          {
            "name": "102392",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102392"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.7.6)",
          "affected_versions": "All versions before 1.7.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2018-01-17",
          "description": "Microsoft Edge in Microsoft Windows allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.",
          "fixed_versions": [
            "1.7.6"
          ],
          "identifier": "CVE-2018-0800",
          "identifiers": [
            "CVE-2018-0800"
          ],
          "not_impacted": "All versions starting from 1.7.6",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2018-01-04",
          "solution": "Upgrade to version 1.7.6 or above.",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-0800",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800",
            "http://www.securitytracker.com/id/1040100",
            "http://www.securityfocus.com/bid/102392"
          ],
          "uuid": "0e4bf0d2-5e2a-43ed-a1f9-f43ad742bdb5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.7.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-0800"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
            },
            {
              "name": "1040100",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040100"
            },
            {
              "name": "102392",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102392"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-01-17T16:06Z",
      "publishedDate": "2018-01-04T14:29Z"
    }
  }
}

CNVD-2018-00531

Vulnerability from cnvd - Published: 2018-01-09

Title

Microsoft Edge脚本引擎信息泄露漏洞（CNVD-2018-00531 ）

Description

Microsoft Windows 10是美国微软（Microsoft）公司发布的一套操作系统。Microsoft Edge是其中的一款系统附带的Web浏览器。scripting engine是其中的一个JavaScript引擎组件。 Microsoft Windows 10版本1709中的Edge脚本引擎存在信息泄露漏洞，该漏洞源于程序未能正确的处理内存中的对象。攻击者可利用该漏洞获取信息。

Severity

中

Patch Name

Microsoft Edge脚本引擎信息泄露漏洞（CNVD-2018-00531 ）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800

Reference

https://www.securityfocus.com/bid/102392

Impacted products

Name
['Microsoft Edge', 'Microsoft Windows 10 1709']

Show details on source website

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102392"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0800"
    }
  },
  "description": "Microsoft Windows 10\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Edge\u662f\u5176\u4e2d\u7684\u4e00\u6b3e\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002scripting engine\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows 10\u7248\u672c1709\u4e2d\u7684Edge\u811a\u672c\u5f15\u64ce\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "Johnathan Norman of Windows Devices Group \u00e2?? Operating System Security Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00531",
  "openTime": "2018-01-09",
  "patchDescription": "Microsoft Windows 10\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Edge\u662f\u5176\u4e2d\u7684\u4e00\u6b3e\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002scripting engine\u662f\u5176\u4e2d\u7684\u4e00\u4e2aJavaScript\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows 10\u7248\u672c1709\u4e2d\u7684Edge\u811a\u672c\u5f15\u64ce\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Edge\u811a\u672c\u5f15\u64ce\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-00531 \uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Edge",
      "Microsoft Windows 10 1709"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/102392",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-05",
  "title": "Microsoft Edge\u811a\u672c\u5f15\u64ce\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-00531 \uff09"
}

FKIE_CVE-2018-0800

Vulnerability from fkie_nvd - Published: 2018-01-04 14:29 - Updated: 2024-11-21 03:38

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/102392	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1040100	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102392	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040100	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	chakracore	*
microsoft	edge	-
microsoft	windows_10	1709