CVE-2018-8145

HIGH

Description

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.

References

http://www.securityfocus.com/bid/103986

http://www.securitytracker.com/id/1040844

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145

https://www.exploit-db.com/exploits/45011/

Details

Source: MITRE

Published: 2018-05-09

Updated: 2019-10-03

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
109613Security Updates for Internet Explorer (May 2018)NessusWindows : Microsoft Bulletins
high
109611KB4103731: Windows 10 Version 1703 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109610KB4103726: Windows Server 2012 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109608KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109607KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109606KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109605KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109604KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high
109603KB4103716: Windows 10 May 2018 Security UpdateNessusWindows : Microsoft Bulletins
high