Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormGoogle Security ResearchPACKETSTORM:148530
HistoryJul 12, 2018 - 12:00 a.m.

Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug

2018-07-1200:00:00
Google Security Research
packetstormsecurity.com
16

0.966 High

EPSS

Percentile

99.5%

JSON
`Microsoft Edge: Chakra: A bug in BoundFunction::NewInstance   
  
CVE-2018-8139  
  
  
BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_NewTarget flag which indicates that there's an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will be always 1 less then required, this leads to an OOB read.  
  
PoC:  
function func() {  
new.target.x;  
}  
  
let bound = func.bind({}, 1);  
  
Reflect.construct(bound, []);  
  
  
  
This bug is subject to a 90 day disclosure deadline. After 90 days elapse  
or a patch has been made broadly available, the bug report will become  
visible to the public.  
  
  
  
  
Found by: lokihardt  
  
`

Related

symantec 1
zdt 1
checkpoint_advisories 1
mscve 1
prion 12
veracode 8
osv 14
cve 12
github 6
kaspersky 1
openvas 1
nessus 1
mskb 1
talosblog 1
trendmicroblog 1
symantec
symantec
Microsoft Edge CVE-2018-8139 Remote Memory Corruption Vulnerability
2018-05-08 00:00:00
zdt
zdt
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Exploit
2018-07-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Out Of Bounds Read (CVE-2018-8139)
2018-07-12 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-05-08 07:00:00
prion
prion
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-06-29 04:41:21
Remote Code Execution (RCE)
2018-06-28 06:50:17
Remote Code Execution (RCE)
2018-06-29 04:40:18
osv
osv
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
ChakraCore RCE Vulnerability
2022-05-13 01:20:40
CVE-2018-8139
2018-05-09 19:29:01
cve
cve
CVE-2018-0945
2018-05-09 19:29:00
CVE-2018-0954
2018-05-09 19:29:00
CVE-2018-0955
2018-05-09 19:29:00
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
kaspersky
kaspersky
KLA11247 Multiple vulnerabilities in Microsoft Browsers
2018-05-08 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4103721)
2018-05-09 00:00:00
nessus
nessus
KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update
2018-05-08 00:00:00
mskb
mskb
May 8, 2018—KB4103721 (OS Build 17134.48)
2018-05-08 07:00:00
talosblog
talosblog
Microsoft Patch Tuesday - May 2018
2018-05-08 12:02:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
2018-05-11 15:37:20

0.966 High

EPSS

Percentile

99.5%

JSON
Related for PACKETSTORM:148530
symantec1zdt1checkpoint_advisories1mscve1prion12veracode8osv14cve12github6kaspersky1openvas1nessus1mskb1talosblog1trendmicroblog1