cnvd - cnvd-2018-23919

cnvd-2018-23919

Vulnerability from cnvd

Title: Microsoft Internet Explorer信息泄露漏洞（CNVD-2018-23919）

Description:

Microsoft Windows Server 2008 SP2等都是美国微软（Microsoft）公司发布的操作系统。Internet Explorer（IE）是其中的一款Windows系统附带的默认浏览器。

Microsoft IE 9、10和11中存在信息泄露漏洞。远程攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: Microsoft Internet Explorer信息泄露漏洞（CNVD-2018-23919）的补丁

Patch Description:

Microsoft Windows Server 2008 SP2等都是美国微软（Microsoft）公司发布的操作系统。Internet Explorer（IE）是其中的一款Windows系统附带的默认浏览器。

Microsoft IE 9、10和11中存在信息泄露漏洞。远程攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8552

Reference: https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8552

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Internet Explorer 10', 'Microsoft Internet Explorer 9', 'Microsoft Windows Windows Server 2012', 'Microsoft Internet Explorer 11', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows 10', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows 10 1803', 'Microsoft Windows Server 2019']

Name

['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Internet Explorer 10', 'Microsoft Internet Explorer 9', 'Microsoft Windows Windows Server 2012', 'Microsoft Internet Explorer 11', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows 10', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows 10 1803', 'Microsoft Windows Server 2019']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8552",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8552"
    }
  },
  "description": "Microsoft Windows Server 2008 SP2\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Internet Explorer\uff08IE\uff09\u662f\u5176\u4e2d\u7684\u4e00\u6b3eWindows\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\n\nMicrosoft IE 9\u300110\u548c11\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Ivan Fratric of Google Project Zero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8552",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23919",
  "openTime": "2018-11-25",
  "patchDescription": "Microsoft Windows Server 2008 SP2\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Internet Explorer\uff08IE\uff09\u662f\u5176\u4e2d\u7684\u4e00\u6b3eWindows\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE 9\u300110\u548c11\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Internet Explorer\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-23919\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows 7 SP1",
      "Microsoft Internet Explorer 10",
      "Microsoft Internet Explorer 9",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Internet Explorer 11",
      "Microsoft Windows 8.1",
      "Microsoft Windows RT 8.1 SP0",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows 10",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709",
      "Microsoft Windows 10 1803",
      "Microsoft Windows Server 2019"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8552",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-15",
  "title": "Microsoft Internet Explorer\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-23919\uff09"
}

CVE-2018-8552 (GCVE-0-2018-8552)

Vulnerability from cvelistv5

Published

2018-11-14 01:00

Modified

2024-08-05 07:02

Severity ?

CWE

Information Disclosure

Summary

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/105786	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8552	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/45924/	exploit, x_refsource_EXPLOIT-DB

Impacted products

Vendor

Product

Version

▼

Microsoft

Internet Explorer 9

Version: Windows Server 2008 for 32-bit Systems Service Pack 2
Version: Windows Server 2008 for x64-based Systems Service Pack 2

	Microsoft	Internet Explorer 11	Version: Windows 10 for 32-bit Systems Version: Windows 10 for x64-based Systems Version: Windows 10 Version 1607 for 32-bit Systems Version: Windows 10 Version 1607 for x64-based Systems Version: Windows 10 Version 1703 for 32-bit Systems Version: Windows 10 Version 1703 for x64-based Systems Version: Windows 10 Version 1709 for 32-bit Systems Version: Windows 10 Version 1709 for ARM64-based Systems Version: Windows 10 Version 1709 for x64-based Systems Version: Windows 10 Version 1803 for 32-bit Systems Version: Windows 10 Version 1803 for ARM64-based Systems Version: Windows 10 Version 1803 for x64-based Systems Version: Windows 10 Version 1809 for 32-bit Systems Version: Windows 10 Version 1809 for ARM64-based Systems Version: Windows 10 Version 1809 for x64-based Systems Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows RT 8.1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 R2 Version: Windows Server 2016 Version: Windows Server 2019
	Microsoft	Internet Explorer 10	Version: Windows Server 2012

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:02:25.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105786",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105786"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8552"
          },
          {
            "name": "45924",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45924/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Internet Explorer 9",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 for x64-based Systems Service Pack 2"
            }
          ]
        },
        {
          "product": "Internet Explorer 11",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "Windows Server 2019"
            }
          ]
        },
        {
          "product": "Internet Explorer 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows Server 2012"
            }
          ]
        }
      ],
      "datePublic": "2018-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u0027s computer or data, aka \"Windows Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-01T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "105786",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105786"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8552"
        },
        {
          "name": "45924",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45924/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Internet Explorer 9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Internet Explorer 11",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "Windows RT 8.1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2012 R2"
                          },
                          {
                            "version_value": "Windows Server 2016"
                          },
                          {
                            "version_value": "Windows Server 2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Internet Explorer 10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows Server 2012"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u0027s computer or data, aka \"Windows Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105786",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105786"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8552",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8552"
            },
            {
              "name": "45924",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45924/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8552",
    "datePublished": "2018-11-14T01:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T07:02:25.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted