What is CVE-2018-0767?

CVE-2018-0767 is a vulnerability in Microsoft Corporation Edge. Published 2018-01-04.

Is CVE-2018-0767 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Corporation Edge

CVE-2018-0767

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Script…

EPSS: 0.756 (98.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Corporation Edge — versions Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016.

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0767 (x_refsource_CONFIRM)
1040100 (vdb-entry, x_refsource_SECTRACK)
102393 (vdb-entry, x_refsource_BID)
43522 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-0767?: CVE-2018-0767 is a vulnerability in Microsoft Corporation Edge. Published 2018-01-04.
Is CVE-2018-0767 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.