66 matches found
CVE-2019-1217
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300...
VulnCheck KEV: CVE-2016-7203
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200,...
Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2019-24837)
Microsoft Edge is Microsoft's new browser, migrating from the EdgeHTML kernel to the Chromium kernel, and will also be coming to Windows 7/8/8.1 and macOS platforms. A remote memory corruption vulnerability exists in the Microsoft Edge Chakra Scripting Engine, which can be exploited by an attacke...
Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2019-24839)
Microsoft Edge is Microsoft's new browser, migrating from the EdgeHTML kernel to the Chromium kernel, and will also be coming to Windows 7/8/8.1 and macOS platforms. A remote memory corruption vulnerability exists in Microsoft Edge Chakra Scripting Engine, which can be exploited by an attacker to...
Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2019-24840)
Microsoft Edge is Microsoft's new browser, migrating from the EdgeHTML kernel to the Chromium kernel, and will also be coming to Windows 7/8/8.1 and macOS platforms. A remote memory corruption vulnerability exists in Microsoft Edge Chakra Scripting Engine, which can be exploited by an attacker to...
Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2019-24843)
Microsoft Edge is Microsoft's new browser, migrating from the EdgeHTML kernel to the Chromium kernel, and will also be coming to Windows 7/8/8.1 and macOS platforms. A remote memory corruption vulnerability exists in Microsoft Edge Chakra Scripting Engine, which can be exploited by an attacker to...
Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2019-24844)
Chakra Scripting Engine is a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. It is a fork of the JScript engine used in Internet Explorer. Chakra Scripting Engine has a remote memory corruption vulnerability in the way it handles objects in memory in Microsoft Edge. The...
PT-2019-1823 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified). Description: The issue is related to a remote code execution problem in the Chakra scripting engine of Microsoft Edge, caused by a buffer overflow in memory. This could allow an attacker to execu...
Microsoft Edge Chakra 1.11.4 Type Confusion
/ Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 / / author @0x4142 = Fahad Aid Alharbi cve-2019-0539 Getting Read ...
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion / Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 ...
Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion
NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but they actually can have them via the SetIsPrototype method of the type handler, which can cause a transition to a new type. This can lead to type confusio...
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but they actually can have them via the SetIsPrototype method of the type handler, which can cause a transition to a new type. This can lead to type confusion in the JITed code. In the PoC, it overwrites the pointer to property...
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
In Chakra, if you add a numeric property to an object that has inlined properties, it starts a transition to a new type in which the space of some of the previously inlined properties is reused for the pointer to the property slots and the pointer to the object array that stores numeric properties. For...
Microsoft Edge Chakra - OP_Memset Type Confusion Exploit
Exploit for Windows platform in category dos / poc. Microsoft Edge Chakra - OP_Memset Type Confusion. Since the patch for CVE-2018-8372, it checks all inputs to native arrays, and if any input equals the MissingItem value, which can cause type confusion, it starts the bailout process. But it...
Remote code execution
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542,...
Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion
Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion / Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength propertyIndex...
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
Microsoft Edge: Chakra: Type confusion with PathTypeHandlerBase::SetAttributesHelper CVE-2018-8384 Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength...
Microsoft Edge Chakra JIT - DictionaryPropertyDescriptor::CopyFrom Type Confusion
Microsoft Edge Chakra JIT - DictionaryPropertyDescriptor::CopyFrom Type Confusion / Here's the method. template template void DictionaryPropertyDescriptor::CopyFromDictionaryPropertyDescriptor& descriptor this-Attributes = descriptor.Attributes; this-Data = descriptor.Data ==...
Microsoft Edge Chakra JIT - Scope Parsing Type Confusion Exploit
Exploit for windows platform in category dos / poc // PoC: async function triggera = class b await 1 let spray = ; for let i = 0; i 0016 SetHomeObj R13 R14 001b NewScObjectSimple R9 001d ProfiledStFld R9.value = R2 1 0021 ProfiledStFld R9.done = R4 2 0025 Yield R9 R9...
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
Microsoft Edge: Chakra: A bug in BoundFunction::NewInstance CVE-2018-8139 BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function...