Microsoft Edge (Windows 10) – ‘chakra.dll’ Information Leak / Type Confusion Remote Code Execution

Exploit Database
14 阅读

作者： Brian Pak

日期： 2017-01-05
类别：
- remote
平台：
- windows
来源：https://www.exploit-db.com/exploits/40990/

Source: https://github.com/theori-io/chakra-2016-11

Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40990.zip


chakra.dll Info Leak + Type Confusion for RCE

Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)

Tested on Windows 10 Edge (modern.ie stable).

FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe

FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)

To run:

Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
Serve the directory using a webserver (or python's simple HTTP server).
Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.

last Exploits
Microsoft Edge (Windows 10) – ‘chakra.dll’ Information Leak / Type Confusion Remote Code Execution的更多信息

WordPress Plugin MailPoet Newsletters 2.6.8 – ‘wysija-newsletters’ Arbitrary File Upload (Metasploit)：
Mongoose Web Server 2.8 – Multiple Directory Traversals：
Quantum DXi V1000 2.2.1 – Static SSH Key：
Adobe Flash Player – Drawing Fill Shader Memory Corruption (Metasploit)：
Microsoft Internet Explorer – CDisplayPointer Use-After-Free (MS13-080) (Metasploit)：
Equipment Rental Script-1.0 – SQLi：
HPE iMC 7.3 – RMI Java Deserialization：
Easy Address Book Web Server 1.6 – USERID Remote Buffer Overflow：