Wednesday, March 7, 2018

Telspace Systems Security Advisory (TSA-2018-002)

Security Advisory


TSA-2018-002: Microsoft Edge Information Disclosure Vulnerability

CVE Number: CVE-2018-0839

Summary

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
Details and crash information

 edgehtml!Ordinal125+0xe3c86:

5ef196d6 8b5928          mov     ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????


Vendor: Microsoft

Product: Edge

Version: 11.0.15063.67

Vendor URLs:







Vendor Response



The vendor has patched the vulnerability and released a new version







Disclosure Timeline


    

  • 23-11-2017 – Initial Discovery
    • 

  • 29-11-2017 – ZDI Notification
    • 

  • 07-12-2017 - Vendor notification
    • 

  • 21-02-2018 - Coordinated public release of advisory
    • 




Credit





This vulnerability was discovered by Dmitri Kaslov of Telspace Systems











at





















Labels:
,
,
,
,
,
,


















No comments:











Post a Comment







        

      









Subscribe to:
Post Comments (Atom)