Wednesday, March 7, 2018

Telspace Systems Security Advisory (TSA-2018-002)

Security Advisory

TSA-2018-002: Microsoft Edge Information Disclosure Vulnerability

CVE Number: CVE-2018-0839


An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Details and crash information


5ef196d6 8b5928          mov     ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????

Vendor: Microsoft

Product: Edge

Version: 11.0.15063.67

Vendor URLs:

Vendor Response

The vendor has patched the vulnerability and released a new version

Disclosure Timeline
  • 23-11-2017 – Initial Discovery
  • 29-11-2017 – ZDI Notification
  • 07-12-2017 - Vendor notification
  • 21-02-2018 - Coordinated public release of advisory

This vulnerability was discovered by Dmitri Kaslov of Telspace Systems