Strike ID:
D19-0pgg1
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, a type confusion vulnerability exists in the Chakra Javascript engine. When object header inlining is deoptimized, the type handler of the object is converted to a dictionary type handler. However, not all attributes belong to the dictionary type, and they are not taken into consideration. If these types are added or removed type confusion will occur. This can lead to a denial of service condition in the browser, or potentially allow for remote code execution.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-%7B2018-8384%7D

References

https://support.ixiacom.com/%7B%7D

MSB

https://technet.microsoft.com/en-us/library/security/MS{}

BID

http://www.securityfocus.com/bid/{104981}

ExploitDB

http://www.exploit-db.com/exploits/{45431}

Secunia

http://secunia.com/advisories/{}

Security Tracker

http://securitytracker.com/id?%7B%7D

Metasploit

https://github.com/rapid7/metasploit-framework/blob/master/modules/{}

ZDI

http://www.zerodayinitiative.com/advisories/ZDI-{}

Google

https://code.google.com/p/google-security-research/issues/detail?id=%7B1586%7D

OSVDB

{}