Microsoft Edge (Windows 10) - Info Leak / Type Confusion Remote Code Execution

2017.01.07

TheBlaCkCoDeR (DZ)

Risk: High

Local: No

Remote: Yes

CVE: CVE-2016-7200 | CVE-2016-7201

CWE: N/A

Microsoft Edge Windows 10 >> 'chakra.dll' >> "chakra.dll" Info Leak + Type Confusion for RCE.
Tested on Windows 10 Edge (modern.ie stable).
FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)

# PoC # Proof of Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201) #
Exploit: 
https://github.com/TheBlaCkCoDeR09/Microsoft-Edge-Windows-10-RCE-EXPLOIT

References:

https://github.com/TheBlaCkCoDeR09/Microsoft-Edge-Windows-10-RCE-EXPLOIT

https://github.com/theori-io/chakra-2016-11

Github:

https://github.com/TheBlaCkCoDeR09

https://www.fb.me/TheBlaCkCoDeR09

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Edge (Windows 10) - Info Leak / Type Confusion Remote Code Execution

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.