E18-3dwl1
CVSS:
7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
1
Year:
2017
Description
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to create Javascript in such a way that allows for the RemoveEmptyLoopAfterMemOp function to remove empty function loops. However, when this is called it may not take all branches into consideration and can potentially break the control flow. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVE
https://code.google.com/p/google-security-research/issues/detail?id=1384