Lucene search
K

9 matches found

Veracode
Veracode
added 2018/11/15 7:27 a.m.31 views

Remote Code Execution (RCE)

Microsoft.Chakracore is vulnerable to a remote code execution RCE attack. The library does not properly handle objects in memory in the GlobOpt::CheckJsArrayKills function in lib/Backend/GlobOpt.cpp, allowing a malicious user to inject and execute arbitrary code...

7.5CVSS8.1AI score0.14159EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2018/10/11 5:52 a.m.18 views

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The vulnerability exists due to an Use-After-Free UAF issue of the LdFld instruction in GlobOpt::prePassInstrMap...

7.5CVSS7.9AI score0.14607EPSS
Exploits0References5Affected Software2
exploitpack
exploitpack
added 2018/02/15 12:0 a.m.13 views

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2)

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly 2 It seems this is the patch for the bug. https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a The following two cases will bypass the fix. 1: function opt let obj ...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/02/15 12:0 a.m.59 views

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2)

Exploit for windows platform in category dos / poc It seems this is the patch for the bug. https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a The following two cases will bypass the fix. 1: function opt let obj = new Number2.3023e-320; for let i = 0...

7.6CVSS7.5AI score0.78434EPSS
Exploits3
seebug.org
seebug.org
added 2017/12/04 12:0 a.m.45 views

Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly(CVE-2017-11840)

There's one more place that emits a BailOnNotObject opcode. Here's a snippet of GlobOpt::OptTagChecks. if valueType.CanBeTaggedValue && !valueType.HasBeenNumber && this-IsLoopPrePass || !this-currentBlock-loop ValueType newValueType = valueType.SetCanBeTaggedValuefalse; // Split out the tag check...

7.6CVSS7.4AI score0.59642EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/11/27 12:0 a.m.46 views

Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1365 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode. Here's a snippet of GlobOpt::OptTagChecks. if valueType.CanBeTaggedValue &&...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/11/27 12:0 a.m.14 views

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1365 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcod...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/11/26 12:0 a.m.57 views

Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly CVE-2017-11840 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode...

7.6CVSS7.5AI score0.59642EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/11/25 12:0 a.m.45 views

Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration

Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly CVE-2017-11840 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode. Here's a snippet of GlobOpt::OptTagChecks. if...

0.2AI score0.59642EPSS
Exploits3
Rows per page
Query Builder