{"id":8180,"date":"2019-01-06T00:21:00","date_gmt":"2019-01-05T23:21:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=8180"},"modified":"2019-01-04T09:25:41","modified_gmt":"2019-01-04T08:25:41","slug":"microsoft-edge-poc-for-remote-execution-vulnerability","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/01\/06\/microsoft-edge-poc-for-remote-execution-vulnerability\/","title":{"rendered":"Microsoft Edge: PoC for Remote Execution Vulnerability"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/11\/IE.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/01\/04\/microsoft-edge-poc-fr-remote-execution-schwachstelle\/\" target=\"_blank\">German<\/a>]A security researcher has published exploit code as a proof of concept (PoC) for a remote code execution vulnerability in the JavaScript engine of Microsoft Edge.<\/p>\n<p><!--more--><\/p>\n<p>The proof-of-concept code is 71 lines long and triggers an out-of-bounds (OOB) memory read leak in the Chakra engine. The exploit code uses this Chakra engine memory error in the Microsoft Edge web browser for remote code execution on unpatched machines.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">I published the PoC for CVE-2018-8629: a JIT bug in Chakra fixed in the latest security updates. It resulted in an (almost) unbounded relative R\/W <a href=\"https:\/\/t.co\/47TIYtVB8f\">https:\/\/t.co\/47TIYtVB8f<\/a><\/p>\n<p>\u2014 Bruno Keith (@bkth_) <a href=\"https:\/\/twitter.com\/bkth_\/status\/1078362865709527040?ref_src=twsrc%5Etfw\">December 27, 2018<\/a><\/p><\/blockquote>\n<p><span id=\"preserveea5ce138805b42a6a7f76976ec81aaf5\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Security researcher Bruno Keith from the <a href=\"https:\/\/twitter.com\/phoenhex\" target=\"_blank\">phoenhex team<\/a> has published the exploit code on GitHub and announced it on Twitter in the tweet above. He could, if I interpret it correctly, take advantage of a bug mentioned just before Christmas. The bug in the Edge browser's Chakra engine probably has a critical impact on most of the operating systems it affects. The only systems with a \"moderate\" severity rating are the Windows Server editions 2019 and 2016.<\/p>\n<p>In December 2018 Microsoft addressed the Chakra Scripting Engine Memory Corruption Vulnerability in <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8629\" target=\"_blank\">CVE-2018-8629<\/a>. Updates for Windows 10 and the affected Windows Server variants were made available at the same time. Anyone working with these operating systems should therefore install the updates offered under <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8629\" target=\"_blank\">CVE-2018-8629<\/a> immediately. Some additional information can be found at Bleeping Computer, which has covered the topic <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/demo-exploit-code-published-for-remote-code-execution-via-microsoft-edge\/\" target=\"_blank\">here<\/a>.
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A security researcher has published exploit code as a proof of concept (PoC) for a remote code execution vulnerability in the JavaScript engine of Microsoft Edge.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[872,580,2],"tags":[1062,1079],"class_list":["post-8180","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-windows","tag-microsoft-edge","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=8180"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8180\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=8180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=8180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=8180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}