Strike ID:
E19-0pdj1
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically the vulnerability exists inside the Microsoft Chakra Javascript engine. It is possible to craft invalid Javascript that still gets parsed by the Chakra engine, which can result in type confusion in the InterpreterStackFrame::OP ResumeYield method. This can cause a denial of service in the browser or potentially lead to remote code execution.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}