2814 matches found
CVE-2016-7297
CVE-2016-7297 is linked to a Microsoft Edge memory-corruption issue in the scripting engine (Chakra) when sorting TypedArray elements via a crafted web page. Connected analysis (MS16-145) describes a TypedArray.sort UAF chain in Chakra.dll (version 11.0.14393.0 on Windows 10 Anniversary Update) t...
CVE-2016-7296
The connected material centers on Microsoft Edge memory corruption in scripting/TypedArray handling (MS Edge UAF) with PoC references and code analysis tied to the 2016 CVE family (e.g., CVE-2016-7288, CVE-2016-7286) and Chakra.dll internals. It details how a TypedArray.sort callback can trigger ...
CVE-2016-7286
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297...
CVE-2016-7286
CVE-2016-7286: Microsoft Edge scripting engine memory corruption via a crafted web site. Connected docs discuss a related Edge UAF in CVE-2016-7288 (TypedArray.sort in Chakra.dll) with PoC details and analysis, indicating a memory corruption class vulnerability; MS16-145 patch is identified in th...
CVE-2016-7288
CVE-2016-7288 is discussed in connected analysis as an MS Edge UAF vulnerability in the JavaScript TypedArray.sort path (TypedArrayBase::EntrySort) triggered via a user-supplied compare function. The root cause is memory-safety misuse during qsort_s-based sorting of TypedArrays, enabling memory c...
Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CNVD-2016-12413)
Microsoft Internet Explorer is the default browser that comes with operating systems prior to Windows 10, and Microsoft Edge is the default browser that comes with the latest operating system, Windows 10. A memory corruption vulnerability exists in the scripting engine in Microsoft Internet...
KLA10920 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in Microsoft...
Microsoft Internet Explorer Memory Corruption (MS16-144: CVE-2016-7279)
A remote code execution vulnerability exists in Internet Explorer and Microsoft Edge. The vulnerability is due to the way scripting engine renders when handling objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected...
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129) Exploit
Exploit for windows platform in category dos / poc !-- Source: http://www.security-assessment.com/files/documents/advisory/edgechakramemcorruption.pdf Name: Microsoft Edge Scripting Engine Memory Corruption Vulnerability MS16-129 CVE: CVE-2016-7202 Vendor Website: http://www.microsoft.com/ Date...
Memory corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202,...
CVE-2016-7243
CVE-2016-7243 concerns the Chakra JavaScript engine in Microsoft Edge (ChakraCore) and allows remote attackers to execute arbitrary code or cause memory corruption via a crafted web site. Connected advisories confirm this as a ChakraCore RCE vulnerability distinct from other CVEs in the same fami...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10955)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10954)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10947)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10950)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10952)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10946)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10941)
Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A memory corruption vulnerability exists in the rendering of the Microsoft Edge scripting engine, which stems from the program failing to properly handle objects ...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10953)
Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...