HTTP: Microsoft Internet Explorer and Edge Substring New Out of Bounds Read
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer and Edge. Successful exploitation would allow the attacker to gain sensitive information.
Extended Description
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.
Short Name
HTTP:STC:IE:CVE-2018-0891-OOB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Bounds CVE-2018-0891 Edge Explorer Internet Microsoft New Out Read Substring and bid:103309 of
Release Date
04/03/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3415
False Positive
Unknown
CVSS Score
4.3