Microsoft Scripting Engine Information Disclosure Vulnerability - CVE-2018-8315ID: oval:org.secpod.oval:def:47409 | Date: (C)2018-09-12 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the vulnerability to obtain privileged information from the browser process, such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Product: |
Microsoft ChakraCore |
Microsoft Internet Explorer 10 |
Microsoft Internet Explorer 11 |
Microsoft Edge |