CVE-2018-1000
First published: Thu Apr 12 2018(Updated: )
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =10 | |
| Microsoft Windows Server 2012 x64 | ||
| Internet Explorer | =11 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1511 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Internet Explorer | =9 | |
| Microsoft Windows Server 2008 Itanium | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/103603
- http://www.securitytracker.com/id/1040653
- https://lists.apache.org/thread.html/6c9991dbcb7358e18a46cd113fa0fd7586eaf312b1c7f7d4cdb16fa1@%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/83315d9b28d9010eeeec360f3295105354b8ff30d94e75b5c67c13ac@%3Csolr-user.lucene.apache.org%3E
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1000
- https://lists.apache.org/thread.html/6c9991dbcb7358e18a46cd113fa0fd7586eaf312b1c7f7d4cdb16fa1%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/83315d9b28d9010eeeec360f3295105354b8ff30d94e75b5c67c13ac%40%3Csolr-user.lucene.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2018-1000?
CVE-2018-1000 is classified as a medium severity information disclosure vulnerability.
How do I fix CVE-2018-1000?
The fix for CVE-2018-1000 involves applying the latest security updates released by Microsoft for Internet Explorer.
Which versions of Internet Explorer are affected by CVE-2018-1000?
CVE-2018-1000 affects Internet Explorer versions 9, 10, and 11.
Is CVE-2018-1000 present on Microsoft Windows 10?
CVE-2018-1000 does not affect Microsoft Windows 10 as it is not a vulnerable version.
What type of attack can exploit CVE-2018-1000?
CVE-2018-1000 can be exploited through malicious websites that may lead to information disclosure.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/10
- canonical/microsoft windows server 2012 x64
- version/internet explorer/11
- canonical/microsoft windows 10
- version/microsoft windows 10/1511
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- version/microsoft windows 10/1709
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/r2-sp1
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016
- version/internet explorer/9
- version/microsoft windows server 2008 itanium/sp2