Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8370: Microsoft Edge Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-8370: Microsoft Edge Information Disclosure Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

08/14/2018

Created

03/19/2019

Added

08/14/2018

Modified

11/18/2021

Description

A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the vulnerability to obtain privileged information from the browser process, such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site. The update addresses the vulnerability by correcting how the WebAudio Library handles audio requests.

Solution(s)

msft-kb4343885-a06825f6-41f1-4dda-8182-99725d2718b0
msft-kb4343885-aa3d8e16-b3c9-4adf-92c4-f7dad57f2825
msft-kb4343887-348e720d-750f-481e-b0e0-58bab6ce8538
msft-kb4343887-c796509e-8bbb-4de4-b45f-92de37e32d36
msft-kb4343887-cffa7f5a-126a-48d4-9cb6-5541b12e862e
msft-kb4343892-0c24fb3d-ed27-4461-bb0c-5905b7bc4bfc
msft-kb4343892-fbad4042-4e60-473e-a4ef-e3b1761dba11
msft-kb4343897-550b5b70-0dcd-43c0-b4c5-4fe259fda49c
msft-kb4343897-ceb32db8-813d-4ab3-818c-e740f4a18a38
msft-kb4343897-d48f1d9a-72aa-46fc-b493-ea21346badbf
msft-kb4343909-4493244a-d754-4ffd-9b1e-c248e1b14e03
msft-kb4343909-8025b6ac-6795-490e-9130-ee2ca585a1bf
msft-kb4343909-d4a86d98-3a49-4ab9-ba67-db4c0279d576

References

https://attackerkb.com/topics/cve-2018-8370
CVE - 2018-8370
4343885
4343887
4343892
4343897
4343909

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8370: Microsoft Edge Information Disclosure Vulnerability

Microsoft CVE-2018-8370: Microsoft Edge Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.