cve-2018-0800
Vulnerability from cvelistv5
Published
2018-01-04 14:00
Modified
2024-09-17 00:06
Severity
Summary
Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.
References
| Source | URL | Tags |
|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102392 | Third Party Advisory, VDB Entry |
| secure@microsoft.com | http://www.securitytracker.com/id/1040100 | Third Party Advisory, VDB Entry |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| Microsoft Corporation | Microsoft Edge |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040100"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
},
{
"name": "102392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Windows 10 1709"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1040100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040100"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
},
{
"name": "102392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2018-0800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 1709"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040100"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
},
{
"name": "102392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0800",
"datePublished": "2018-01-04T14:00:00Z",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-09-17T00:06:29.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-0800\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-01-04T14:29:01.440\",\"lastModified\":\"2018-01-17T16:06:34.300\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user\u0027s system, due to how the scripting engine handles objects in memory, aka \\\"Scripting Engine Information Disclosure Vulnerability\\\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.\"},{\"lang\":\"es\",\"value\":\"Microsoft Edge en Microsoft Windows 10 1709 permite que un atacante obtenga informaci\u00f3n para comprometer aun m\u00e1s la seguridad del sistema del usuario por la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Scripting Engine Information Disclosure Vulnerability\\\". El ID de este CVE es diferente de CVE-2018-0767 y CVE-2018-0780.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.6\",\"matchCriteriaId\":\"C2E98CD2-F5A5-4B92-9F58-BFE9FA74375F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102392\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040100\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading...