Strike ID:
E19-0p9n1
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, the vulnerability exists when the BoundFunction::NewInstance function is used to handle calls to a bound function. This method allocates a new argument array and copies the arguments into the new argument array. It will call the function without respecting the CallFlags ExtraArg flag that indicates that theres an extra argument at the end of the array. This then results in the new array size being one less than what is required, leading to an Out of Bounds memory read. This can cause a denial of service condition in the browser or potentially lead to remote code execution.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}