CVE-2018-0780

MSR

MediumConfirmedExploit available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to fu…

CVSS

5.3

Medium

EPSS

0.59

p98

Published

2018-01-01

Updated

2018-01-01

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.

Tags · CWE

RCEPre-auth

CWE-125

CAPEC-540

Affected products

Chakracore < 1.7.6

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: N

None (N)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.586 · p98

Known exploited (KEV)

Known exploits — Сканер-ВС

43720

exploitdb · https://www.exploit-db.com/exploits/43720

Enterprise

Affected products

Microsoft

Windows Windows Server 2016 Windows 10 Edge Chakracore

Product	Vendor	Status
chakracore	*	Tracked
edge	*	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Source databases

MSR

CVE