Bird_banner_small4
Microsoft Internet Explorer jscript.dll Array Use After Free
TSL ID TSL20180313-29
CVE ID(s) CVE-2018-0935
Severity High
Description

A use-after-free vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an error while handling certain objects when processing HTML and script code.

A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

The Microsoft has issued the following bulletin regarding this vulnerability:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0935

Affected Products
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11
  • Microsoft Internet Explorer 9
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.3 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://bugs.chromium.org/p/project-zero/issues/detail?id=1506
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0935
Related Threats