Microsoft Edge: PoC for Remote Execution Vulnerability

[German]A security researcher has published an exploit code as a Proof of Concept (PoC) that exploits a remote execution vulnerability in the JavaScript engine of Microsoft Edge.


Advertising


The proof-of-concept code is 71 lines long and results in an out-of-bounds (OOB) memory read leak error in the chakra engine. The exploit code exploits the Chakra Engine memory error in the Microsoft Edge web browser for remote code execution on unpatched machines.

Security researcher Bruno Keith from the phoenhex team has published the exploit code on Github and made it public on Twitter in the tweet above. He could, if I interpret it correctly, take advantage of a bug mentioned just before Christmas. The bug in the edge browser’s chakra engine probably has a critical impact on most of the operating systems it affects. The only systems with a “moderate” severity are the Windows Server Editions 2019 and 2016.

In December 2018 Microsoft addressed the Chakra Scripting Engine Memory Corruption Vulnerability in CVE-2018-8629. At the same time, updates for Windows 10 and the affected Windows Server variants are available. Anyone working with these operating systems should therefore install the updates offered under CVE-2018-8629 immediately. Some additional information can be found at Bleeping Computer, which has addressed the topic here.


Advertising


This entry was posted in browser, Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *