4 matches found
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. This is due to a use-after-free (UAF) vulnerability in JavascriptError::SetErrorMessageProperties, which could cause memory corruption and allow an attacker to execute code in the context of the current user. This CVE ID is different from...
chakra: Crash in Js::JavascriptError::Is
Project: https://github.com/Microsoft/ChakraCore.git
Detailed report: https://oss-fuzz.com/testcase?key=6196917705900032
Project: chakra
Fuzzer: jsfuzzer
Job Type: asanchakra
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00107fff8004
Crash State: Js::JavascriptError::Is...
Microsoft Edge Chakra JavascriptFunction::EntryCall Mishandled CallInfo
Microsoft Edge: Chakra: JavascriptFunction::EntryCall doesn't handle CallInfo properly. CVE-2017-8671. Here's the method: Var JavascriptFunction::EntryCall(RecyclableObject* function, CallInfo callInfo, ...) { PROBE_STACK(function->GetScriptContext(), Js::Constants::MinStackDefault); RUNTIME_ARGUMENTS(args,...
Yelp: [Yelp Blog] Backslash in search string causes JS error
Non-escaped backslash bug. PoC: https://www.yelpblog.com/?s=test\ See screenshot...