TSA-2018-002: Microsoft Edge Information Disclosure Vulnerability
CVE Number: CVE-2018-0839
Summary
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
Details and crash information
edgehtml!Ordinal125+0xe3c86:
5ef196d6 8b5928 mov ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????
edgehtml!Ordinal125+0xe3c86:
5ef196d6 8b5928 mov ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????
Vendor: Microsoft
Product: Edge
Version: 11.0.15063.67
Vendor URLs:
- https://www.microsoft.com
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0839
- https://www.zerodayinitiative.com/advisories/ZDI-18-167/
Vendor Response
The vendor has patched the vulnerability and released a new version
Disclosure Timeline
- 23-11-2017 – Initial Discovery
- 29-11-2017 – ZDI Notification
- 07-12-2017 - Vendor notification
- 21-02-2018 - Coordinated public release of advisory
Credit