Jump to content
Nytro

Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted 
Source: https://github.com/theori-io/chakra-2016-11
 
Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40990.zip
 
 
chakra.dll Info Leak + Type Confusion for RCE
 
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
 
Tested on Windows 10 Edge (modern.ie stable).
 
FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
 
FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)
 
To run:
 
Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
Serve the directory using a webserver (or python's simple HTTP server).
Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.

Sursa: https://www.exploit-db.com/exploits/40990/

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...