Microsoft Scripting Engine CVE-2018-8315 Information Disclosure Vulnerability

description-logoDescription

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the vulnerability to obtain privileged information from the browser process, such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site. The security update addresses the vulnerability by correcting how the browser scripting engine handles object types.

affected-products-logoAffected Applications

Microsoft Edge
Internet Explorer 11
Internet Explorer 10

CVE References

CVE-2018-8315