Lucene search
AnonymousZDI-16-677HistoryJan 20, 2017 - 12:00 a.m.
Microsoft Windows JavaScript Array.concat Type Confusion Information Disclosure Vulnerability
2017-01-2000:00:00
Anonymous
www.zerodayinitiative.com
20
0.316 Low
EPSS
Percentile
97.0%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the JavaScript Array.concat method. By performing actions in JavaScript an attacker can trigger a type confusion condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Related
symantec
symantec
Microsoft Edge CVE-2016-7297 Remote Memory Corruption Vulnerability
2016-12-13 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2016-12-13 08:00:00
prion
prion
Memory corruption
2016-12-20 06:59:00
Memory corruption
2016-12-20 06:59:00
Memory corruption
2016-12-20 06:59:00
cvelist
cvelist
cve
cve
nvd
nvd
openvas
openvas
Microsoft Edge Multiple Vulnerabilities (3204062)
2016-12-14 00:00:00
mskb
mskb
MS16-145: Cumulative security update for Microsoft Edge: December 13, 2016
2016-12-13 00:00:00
December 13, 2016 — KB3205386 (OS Build 10586.713)
2016-12-13 08:00:00
December 13, 2016 — KB3206632 (OS Build 14393.576)
2016-12-13 08:00:00
nessus
nessus
MS16-145: Cumulative Security Update for Microsoft Edge (3204062)
2016-12-14 00:00:00
kaspersky
kaspersky
KLA10920 Multiple vulnerabilities in Microsoft Browser
2016-12-13 00:00:00