CVE-2018-0767: Out-of-bounds Read

January 4, 2018 (updated August 24, 2020)

Microsoft Edge in Microsoft Windows, and Windows Server allows an attacker to obtain information to further compromise the user’s system, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.

References

www.securityfocus.com/bid/102393
www.securitytracker.com/id/1040100
nvd.nist.gov/vuln/detail/CVE-2018-0767
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0767
www.exploit-db.com/exploits/43522/

Code Behaviors & Features

Detect and mitigate CVE-2018-0767 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →