CVE-2018-0987
Microsoft Windows JScript defineProperty Use-After-Free Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
13Public Exploits
0Exploited in Wild
-Decision
Descriptions
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000.
Existe una vulnerabilidad de divulgación de información cuando el motor de scripting no gestiona correctamente los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Information Disclosure Vulnerability". Esto afecta a Internet Explorer 9, Internet Explorer 11 e Internet Explorer 10. El ID de este CVE es diferente de CVE-2018-0981, CVE-2018-0989 y CVE-2018-1000.
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows JScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the defineProperty method. By performing actions in JScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-01 CVE Reserved
- 2018-04-11 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advis... | 2020-08-24 |
| URL | Date | SRC |
|---|