D19-0pgg1
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018
Description
This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, a type confusion vulnerability exists in the Chakra Javascript engine. When object header inlining is deoptimized, the type handler of the object is converted to a dictionary type handler. However, not all attributes belong to the dictionary type, and they are not taken into consideration. If these types are added or removed type confusion will occur. This can lead to a denial of service condition in the browser, or potentially allow for remote code execution.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}