7.5
CVSSv3

CVE-2019-0539

Published: 08/01/2019 Updated: 21/11/2024

Vulnerability Summary

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft chakracore -

microsoft edge -

Exploits

Microsoft Edge Chakra version 1114 read permission via type confusion proof of concept exploit ...
/* Issue description This is similar to issue 1702 (wwwexploit-dbcom/exploits/46203) This time, it uses an InitClass instruction to reach the SetIsPrototype method PoC: */ function opt(o, c, value) { ob = 1; class A extends c { } oa = value; } function main() { for (let i = 0; i < 2000; i++) { ...
<html> <script> /* # Exploit Title: [getting Read permission through Type Confusion] # Date: [date] # Exploit Author: [Fahad Aid Alharbi] # Vendor Homepage: [wwwmicrosoftcom/en-us/] # Version: [Chakra 1_11_4] (REQUIRED) # Tested on: [Windows 10] # CVE : [cve-2019-0539] */ /* author @0x4142 => Fahad Aid Alharbi * cve-2019 ...
NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type This can lead to type confusion in the JITed code In the PoC, it overwrites the pointer to property slots with 0x1000000001234 PoC for NewScObjectNo ...

Github Repositories

material for exploit development

From noob to 0day developer Introduction the reason why I'm writting this kind of how-to become you into a exploit writer is because I was in the same boat as you , So I had to research link by link to find the right ones I call this kind of how-to course from noob to hero covering the basics of penetration testing to the hottest topic such as Sandbox Escape The inspirat

Chakra Type Confusions - PoCs of Edge's legacy JS engine vulnerabilities that inject code into the JIT process

Chakra Type Confusions This repository contains PoCs for type confusion vulnerabilities in the ChakraCore engine used by Microsoft Edge (EdgeHTML version, not Chromium-based Edge) The PoCs inject dummy code (specifically an int 3 followed by nop) into a Just-In-Time (JIT) compilation process To verify the PoCs, attach a debugger to a JIT compilation process (one of the Micros

Advanced Web Attack and Exploitation INTRO Advanced Web Attack and Exploitations (AWAE) It is an exploit development course based on the Web it was developed by Offensive Security The course was only offline at the BlackHat conference for a couple of years, then eventually Offensive Security brings it online See the syllabus to get more details wwwoffensive-securi

Chakra Type Confusions - PoCs of Edge's legacy JS engine vulnerabilities that inject code into the JIT process

Chakra Type Confusions This repository contains PoCs for type confusion vulnerabilities in the ChakraCore engine used by Microsoft Edge (EdgeHTML version, not Chromium-based Edge) The PoCs inject dummy code (specifically an int 3 followed by nop) into a Just-In-Time (JIT) compilation process To verify the PoCs, attach a debugger to a JIT compilation process (one of the Micros