Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8351: Microsoft Browser Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-8351: Microsoft Browser Information Disclosure Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

08/14/2018

Created

03/19/2019

Added

08/14/2018

Modified

11/18/2021

Description

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access.

Solution(s)

msft-kb4343205-0b078f93-1d60-4e71-90a7-b682d4329022
msft-kb4343205-10d15f81-06cb-4693-a10a-12efd1a48129
msft-kb4343205-13e8e44b-d846-4c1b-b77c-c775a3988b8a
msft-kb4343205-44923d95-a1ce-429f-a7f3-46a429610b14
msft-kb4343205-45744f6a-7a2f-4677-a0ee-573bc6a8400d
msft-kb4343205-48b9691a-33c2-4f86-9c4a-85153012d4ef
msft-kb4343205-5bc11770-dd1c-4144-94de-5d2fd2b7cbef
msft-kb4343205-7597eb71-c396-4fdb-8600-d9d1c2582152
msft-kb4343205-8db6dc64-0c14-444d-8ac5-492c71cb5a92
msft-kb4343205-c8052fa6-186c-41a7-a222-cc079eec1a26
msft-kb4343205-d061bfd7-009e-4417-bf92-8d1d7636afdf
msft-kb4343205-d6af2c4e-ca82-4539-b40e-a18e3f8ea7e5
msft-kb4343885-a06825f6-41f1-4dda-8182-99725d2718b0
msft-kb4343885-aa3d8e16-b3c9-4adf-92c4-f7dad57f2825
msft-kb4343887-348e720d-750f-481e-b0e0-58bab6ce8538
msft-kb4343887-c796509e-8bbb-4de4-b45f-92de37e32d36
msft-kb4343887-cffa7f5a-126a-48d4-9cb6-5541b12e862e
msft-kb4343892-0c24fb3d-ed27-4461-bb0c-5905b7bc4bfc
msft-kb4343892-fbad4042-4e60-473e-a4ef-e3b1761dba11
msft-kb4343897-550b5b70-0dcd-43c0-b4c5-4fe259fda49c
msft-kb4343897-ceb32db8-813d-4ab3-818c-e740f4a18a38
msft-kb4343897-d48f1d9a-72aa-46fc-b493-ea21346badbf
msft-kb4343909-4493244a-d754-4ffd-9b1e-c248e1b14e03
msft-kb4343909-8025b6ac-6795-490e-9130-ee2ca585a1bf
msft-kb4343909-d4a86d98-3a49-4ab9-ba67-db4c0279d576

References

https://attackerkb.com/topics/cve-2018-8351
CVE - 2018-8351
4343205
4343885
4343887
4343892
4343897
4343898
4343900
4343901
4343909

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8351: Microsoft Browser Information Disclosure Vulnerability

Microsoft CVE-2018-8351: Microsoft Browser Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.