Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Exploit DB
Exploit DBadded 2019/01/18 12:0 a.m.48 views

Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion

NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code. In the PoC, it overwrites the pointer to property...

7.4AI score
Exploits0
exploitpack
exploitpackadded 2019/01/18 12:0 a.m.11 views

Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion

Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusio...

0.3AI score
Exploits0
Packet Storm
Packet Stormadded 2018/02/15 12:0 a.m.45 views

Microsoft Edge Chakra JIT NewScObjectNoCtor Array Type Confusion

Microsoft Edge: Chakra: JIT: Array type confusion via NewScObjectNoCtor CVE-2018-0838 This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses...

7.5AI score0.79299EPSS
Exploits15
0day.today
0day.todayadded 2018/02/15 12:0 a.m.45 views

Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion Exploit

Exploit for windows platform in category dos / poc / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructions to perform it...

7.6CVSS7.5AI score0.79299EPSS
Exploits15
exploitpack
exploitpackadded 2018/02/15 12:0 a.m.15 views

Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion

Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructio...

0.2AI score
Exploits0
Exploit DB
Exploit DBadded 2018/02/15 12:0 a.m.31 views

Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion

/ This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructions to perform it, but those instructions are not checked by...

7.4AI score
Exploits0
Rows per page
Query Builder