Full Disclosure mailing list archives

Microsoft Edge CDOMTextNode::get_data type confusion

From: Berend-Jan Wever <berendjanwever () gmail com>

Date: Sat, 12 Mar 2016 00:02:01 +0100

Hey,

Last Tuesday, Microsoft fixed a security issue in Microsoft Edge that I was aware of, but had not had time to report (i.e. I was waiting for vulnerability contributor programs to look over my analysis and make me an offer for the information). Since this issue has been fixed, I have published my analysis on my blog: <http://blog.skylined.nl/20160310001.html>.

In short: specially crafted JavaScript inside an HTML page can trigger a type confusion bug in Microsoft Edge that allows accessing a C++ object as if it were a BSTR string. This can result in information disclosure, such as allowing an attacker to determine the value of pointers to other objects and/or functions. This information can be used to bypass ASLR mitigations. It may also be possible to modify arbitrary memory and achieve remote code execution, but this was not investigated.

Cheers,

SkyLined
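The post describes the bug class only in one sentence: an object pointer is handed to code that expects a BSTR, so the bytes in front of the object are read as the string's length and the object body (vtable pointer first) is read back as UTF-16 characters. The following C program is an added toy model of that information leak, written for this page; it is not Edge or Chakra code, does not reproduce the CDOMTextNode::get_data defect, and every name in it (toy_object, toy_vtable, build_region, the tagged-value check at the end) is an assumption made up for the illustration. It models the BSTR layout (a 32-bit byte count immediately before the UTF-16 data) and assumes a little-endian host such as x86.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a C++ object: the first field is the vtable pointer, which is
 * exactly the kind of value an attacker wants in order to defeat ASLR. */
typedef struct {
    void    *vtable;
    uint32_t refcount;
    uint32_t flags;
    void    *parent;
} toy_object;

static void *toy_vtable_storage[2];            /* plays the role of the vtable */
enum { HEADER_BYTES = 4 };                     /* BSTR length prefix size */
static uint64_t region_storage[(HEADER_BYTES + sizeof(toy_object) + 7) / 8];

/* Constructed memory image: four bytes of "whatever happens to sit before the
 * object", immediately followed by the object itself.  The demo picks a value
 * that, read as a BSTR byte count, covers the object exactly; in a real heap
 * it would be whatever the allocator or the previous chunk left there. */
static const unsigned char *build_region(void)
{
    unsigned char *region = (unsigned char *)region_storage;
    uint32_t preceding = (uint32_t)sizeof(toy_object);
    toy_object obj = { toy_vtable_storage, 1, 0, region_storage };
    memcpy(region, &preceding, HEADER_BYTES);
    memcpy(region + HEADER_BYTES, &obj, sizeof obj);
    return region + HEADER_BYTES;               /* a BSTR points at its data */
}

/* What the engine does for str.length and str.charCodeAt(i) on a BSTR.
 * Nothing here checks that `data` really is a string. */
static uint32_t bstr_length_chars(const unsigned char *data)
{
    uint32_t bytes;
    memcpy(&bytes, data - HEADER_BYTES, sizeof bytes);
    return bytes / 2;
}

static uint16_t bstr_char_code_at(const unsigned char *data, uint32_t i)
{
    uint16_t cu;
    memcpy(&cu, data + 2 * (size_t)i, sizeof cu);
    return cu;
}

/* Attacker side: treat the object as a string, read its code units and
 * reassemble the first pointer-sized field from little-endian 16-bit chunks. */
static uintptr_t leak_vtable_pointer(void)
{
    const unsigned char *s = build_region();    /* object pointer used as BSTR */
    uint32_t len = bstr_length_chars(s);
    uintptr_t ptr = 0;
    for (uint32_t i = 0; i < sizeof(uintptr_t) / 2 && i < len; i++)
        ptr |= (uintptr_t)bstr_char_code_at(s, i) << (16 * i);
    return ptr;
}

/* The check that prevents the confusion: a tagged value refuses to be read
 * as a string unless it was created as one. */
typedef enum { TAG_STRING, TAG_OBJECT } value_tag;
typedef struct { value_tag tag; const void *p; } tagged_value;

static int as_bstr(const tagged_value *v, const unsigned char **out)
{
    if (v->tag != TAG_STRING)
        return 0;                               /* wrong type: do not reinterpret */
    *out = (const unsigned char *)v->p;
    return 1;
}

int main(void)
{
    const unsigned char *s = build_region();
    uint32_t len = bstr_length_chars(s);
    printf("confused string: %u code units over a %zu-byte object\n",
           len, sizeof(toy_object));
    for (uint32_t i = 0; i < len; i++)
        printf("%04x ", bstr_char_code_at(s, i));
    printf("\nleaked vtable pointer 0x%" PRIxPTR ", real address %p\n",
           leak_vtable_pointer(), (void *)toy_vtable_storage);

    tagged_value obj_val = { TAG_OBJECT, s };
    const unsigned char *str;
    printf("typed access as string: %s\n",
           as_bstr(&obj_val, &str) ? "allowed" : "refused");
    return leak_vtable_pointer() == (uintptr_t)toy_vtable_storage ? 0 : 1;
}
```

The leak works because the code units are just the object's bytes; any pointer field lands in the output the same way the vtable does, which is why a bug of this shape is enough to defeat ASLR even when it never writes memory. The tagged-value check at the end is the shape of the fix: verify the dynamic type before reinterpreting the pointer, rather than trusting the caller.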