Nytro

Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution

Source: https://github.com/theori-io/chakra-2016-11
 
Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40990.zip
 
 
chakra.dll Info Leak + Type Confusion for RCE
 
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
 
Tested on Windows 10 Edge (modern.ie stable).
 
FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
 
FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)
 
To run:
 
Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
Serve the directory using a webserver (or Python's simple HTTP server).
Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.

Source: https://www.exploit-db.com/exploits/40990/
