[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Microsoft Scripting Engine Information Disclosure Vulnerability - CVE-2018-8315

ID: oval:org.secpod.oval:def:47409Date: (C)2018-09-12   (M)2024-03-06
Class: VULNERABILITYFamily: windows




An information disclosure vulnerability exists when the browser scripting engine improperly handle object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the vulnerability to obtain privileged information from the browser process, such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site.

Platform:
Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Product:
Microsoft ChakraCore
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Reference:
CVE-2018-8315
CVE    1
CVE-2018-8315
CPE    32
cpe:/o:microsoft:windows_server_2008:r2:sp1:x64
cpe:/o:microsoft:windows_7::sp1:x64
cpe:/o:microsoft:windows_7::sp1:x86
cpe:/a:microsoft:chakracore
...

© SecPod Technologies