Vulnerability Details : CVE-2018-0847
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
Vulnerability category: Memory CorruptionInformation leak
Products affected by CVE-2018-0847
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*When used together with: Microsoft » Windows 8.1
Exploit prediction scoring system (EPSS) score for CVE-2018-0847
1.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0847
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2018-0847
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0847
-
http://www.securityfocus.com/bid/102861
Microsoft Windows Scripting Engine CVE-2018-0847 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0847
CVE-2018-0847 | Windows Scripting Engine Memory Corruption VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1040370
Windows Scripting Engine Flaw Lets Remote Users Obtain Potentially Sensitive Memory Contents on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
Jump to