Published: 08/01/2019 Updated: 24/08/2020

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 776

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft chakracore -
microsoft edge -

Microsoft Edge Chakra version 1114 read permission via type confusion proof of concept exploit ...

NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type This can lead to type confusion in the JITed code In the PoC, it overwrites the pointer to property slots with 0x1000000001234 PoC for NewScObjectNo ...

/* Issue description This is similar to issue 1702 (wwwexploit-dbcom/exploits/46203) This time, it uses an InitClass instruction to reach the SetIsPrototype method PoC: */ function opt(o, c, value) { ob = 1; class A extends c { } oa = value; } function main() { for (let i = 0; i < 2000; i++) { ...

<html> <script> /* # Exploit Title: [getting Read permission through Type Confusion] # Date: [date] # Exploit Author: [Fahad Aid Alharbi] # Vendor Homepage: [wwwmicrosoftcom/en-us/] # Version: [Chakra 1_11_4] (REQUIRED) # Tested on: [Windows 10] # CVE : [cve-2019-0539] */ /* author @0x4142 => Fahad Aid Alharbi * cve-2019 ...

material for exploit development

From noob to 0day developer Introduction the reason why I'm writting this kind of how-to become you into a exploit writer is because I was in the same boat as you , So I had to research link by link to find the right ones I call this kind of how-to course from noob to hero covering the basics of penetration testing to the hottest topic such as Sandbox Escape The inspirat

R/W

CVE-2019-0539

Advanced Web Attack and Exploitation INTRO Advanced Web Attack and Exploitations (AWAE) It is an exploit development course based on the Web it was developed by Offensive Security The course was only offline at the BlackHat conference for a couple of years, then eventually Offensive Security brings it online See the syllabus to get more details wwwoffensive-securi

Chakra Type Confusions - PoCs of Edge's legacy JS engine vulnerabilities that inject code into the JIT process

Chakra Type Confusions This repository contains PoCs for type confusion vulnerabilities in the ChakraCore engine used by Microsoft Edge (EdgeHTML version, not Chromium-based Edge) The PoCs inject dummy code (specifically an int 3 followed by nop) into a Just-In-Time (JIT) compilation process To verify the PoCs, attach a debugger to a JIT compilation process (one of the Micros

Chakra Type Confusions - PoCs of Edge's legacy JS engine vulnerabilities that inject code into the JIT process

Chakra Type Confusions This repository contains PoCs for type confusion vulnerabilities in the ChakraCore engine used by Microsoft Edge (EdgeHTML version, not Chromium-based Edge) The PoCs inject dummy code (specifically an int 3 followed by nop) into a Just-In-Time (JIT) compilation process To verify the PoCs, attach a debugger to a JIT compilation process (one of the Micros

CWE-787 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0539 http://www.securityfocus.com/bid/106401 https://www.exploit-db.com/exploits/46204/https://www.exploit-db.com/exploits/46203/https://www.exploit-db.com/exploits/46485/https://nvd.nist.gov https://packetstormsecurity.com/files/151961/Microsoft-Edge-Chakra-1.11.4-Type-Confusion.html https://github.com/SkyBulk/the-day-of-nightmares https://www.exploit-db.com/exploits/46203

CVE-2019-0539

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect