Strike ID:
D19-0pgg1
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, a type confusion vulnerability exists in the Chakra Javascript engine. When object header inlining is deoptimized, the type handler of the object is converted to a dictionary type handler. However, not all attributes belong to the dictionary type, and they are not taken into consideration. If these types are added or removed type confusion will occur. This can lead to a denial of service condition in the browser, or potentially allow for remote code execution.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}