Lucene search
Brian PakEXPLOITPACK:883CFD2606CB37ED8C611FC05BB06F5AHistoryJan 05, 2017 - 12:00 a.m.
Microsoft Edge (Windows 10) - chakra.dll Information Leak Type Confusion Remote Code Execution
2017-01-0500:00:00
Brian Pak
18
EPSS
0.962
Percentile
99.6%
Microsoft Edge (Windows 10) - chakra.dll Information Leak Type Confusion Remote Code Execution
Source: https://github.com/theori-io/chakra-2016-11
Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40990.zip
chakra.dll Info Leak + Type Confusion for RCE
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
Tested on Windows 10 Edge (modern.ie stable).
FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)
To run:
Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
Serve the directory using a webserver (or python's simple HTTP server).
Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.Related
zdt
zdt
Microsoft Windows 10 Edge - chakra.dll Info Leak / Type Confusion Remote Code Execution Exploit
2017-01-06 00:00:00
Microsoft Edge - Array.filter Info Leak Vulnerability
2016-11-19 00:00:00
Microsoft Edge - FillFromPrototypes Type Confusion Exploit
2016-11-19 00:00:00
exploitdb
exploitdb
Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution
2017-01-05 00:00:00
Microsoft Edge - 'FillFromPrototypes' Type Confusion
2016-11-18 00:00:00
Microsoft Edge - 'Array.filter' Information Leak
2016-11-18 00:00:00
threatpost
threatpost
Two New Edge Exploits Integrated into Sundown Exploit Kit
2017-01-10 11:28:20
checkpoint_advisories
checkpoint_advisories
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7201)
2016-11-08 00:00:00
Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7200)
2016-11-08 00:00:00
cisa_kev
cisa_kev
Microsoft Edge Memory Corruption Vulnerability
2022-03-28 00:00:00
Microsoft Edge Memory Corruption Vulnerability
2022-03-28 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2024-07-15 09:13:19
Remote Code Execution (RCE)
2024-07-15 07:16:51
symantec
symantec
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2016-11-08 08:00:00
Scripting Engine Memory Corruption Vulnerability
2016-11-08 08:00:00
myhack58
myhack58
attackerkb
attackerkb
prion
prion
Memory corruption
2016-11-10 06:59:00
Memory corruption
2016-11-10 06:59:00
Memory corruption
2016-11-10 06:59:00
osv
osv
ChakraCore RCE Vulnerability
2022-05-14 02:22:42
ChakraCore RCE Vulnerability
2022-05-14 02:22:18
ChakraCore RCE Vulnerability
2022-05-14 02:22:42
cvelist
cvelist
nvd
nvd
cve
cve
github
github
ChakraCore RCE Vulnerability
2022-05-14 02:22:42
ChakraCore RCE Vulnerability
2022-05-14 02:22:17
ChakraCore RCE Vulnerability
2022-05-14 02:22:42
thn
thn
nessus
nessus
MS16-129: Cumulative Security Update for Microsoft Edge (3199057)
2016-11-08 00:00:00
mskb
mskb
MS16-129: Cumulative security update for Microsoft Edge: November 8, 2016
2016-11-08 00:00:00
Cumulative update for Windows 10 Version 1511: November 8, 2016
2016-11-08 08:00:00
openvas
openvas
Microsoft Edge Multiple Vulnerabities (3199057)
2016-11-09 00:00:00
kaspersky
kaspersky
KLA10900 Multiple vulnerabilities in Microsoft Browser
2016-11-08 00:00:00
githubexploit
githubexploit
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15