An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
http://www.securityfocus.com/bid/103986
http://www.securitytracker.com/id/1040844
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145
Source: MITRE
Published: 2018-05-09
Updated: 2019-10-03
Type: CWE-200
Base Score: 7.6
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 4.9
Severity: HIGH
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.6
Severity: HIGH
OR
cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:* versions up to 1.8.3 (inclusive)
AND
OR
OR
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
AND
OR
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
109613 | Security Updates for Internet Explorer (May 2018) | Nessus | Windows : Microsoft Bulletins | high |
109611 | KB4103731: Windows 10 Version 1703 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109610 | KB4103726: Windows Server 2012 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109608 | KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109607 | KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109606 | KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109605 | KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109604 | KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109603 | KB4103716: Windows 10 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |