Microsoft Edge: Out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal(CVE-2017-8644)

The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198 and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. PoC: ========================================== input:focus transform: scale10; =========================================...

Microsoft Edge CInputDateTimeScrollerElement::_SelectValueInternal Out-Of-Bounds Read

Microsoft Edge: Out-of-bounds read in CInputDateTimeScrollerElement::SelectValueInternal CVE-2017-8644 The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198 and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. PoC:...

Microsoft Edge textarea.defaultValue Memory Disclosure

Microsoft Edge: textarea.defaultValue memory disclosure CVE-2017-8652 There is a use-after free vulnerability in Microsoft Edge that can lead to memory disclosure. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198, Microsoft Edge...

Microsoft Edge CssParser::RecordProperty Type Confusion

Microsoft Edge: Type confusion in CssParser::RecordProperty CVE-2017-8496 There is a type confusion vulnerability in Microsoft Edge. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198 and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML...