Microsoft Edge (Windows 10) - Info Leak / Type Confusion Remote Code Execution

Published: 2017.01.07
Credit: TheBlaCkCoDeR
Risk: High
CWE: N/A
CVE: CVE-2016-7200, CVE-2016-7201
Local: No
Remote: Yes

Microsoft Edge (Windows 10), 'chakra.dll': Info Leak + Type Confusion for RCE.
Tested on Windows 10 Edge (modern.ie stable).
FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)

PoC: Proof of Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
Exploit:
https://github.com/TheBlaCkCoDeR09/Microsoft-Edge-Windows-10-RCE-EXPLOIT

References:

https://github.com/TheBlaCkCoDeR09/Microsoft-Edge-Windows-10-RCE-EXPLOIT
https://github.com/theori-io/chakra-2016-11
Github:
https://github.com/TheBlaCkCoDeR09
https://www.fb.me/TheBlaCkCoDeR09



Copyright 2017, cxsecurity.com