Vulnerability Details : CVE-2019-0648
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka Scripting Engine Information Disclosure Vulnerability. This CVE ID is unique from CVE-2019-0658.
Vulnerability category: Information leak
Products affected by CVE-2019-0648
- cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-0648
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-0648
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2019-0648
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0648
CVE-2019-0648 | Scripting Engine Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/106885
Microsoft Edge CVE-2019-0648 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to