HackDig : Dig high-quality web security articles for hacker

Microsoft Edge CDOMTextNode::get_data type confusion

2016-03-13 05:45
Hey,

Last Tuesday, Microsoft fixed a security issue in Microsoft Edge that I
was aware of, but had not had time to report. (i.e. I was waiting for
vulnerability contributor programs to look over my analysis and make me
an offer for the information). Since this issue has been fixed, I have
published my analysis on my blog
<http://blog.skylined.nl/20160310001.html><my%20blog>.

In short: Specially crafted Javascript inside an HTML page can trigger a
type confusion bug in Microsoft Edge that allows accessing a C++ object
as if it was a BSTR string. This can result in information disclosure,
such as allowing an attacker to determine the value of pointers to other
objects and/or functions. This information can be used to bypass ASLR
mitigations. It may also be possible to modify arbitrary memory and
achieve remote code execution, but this was not
investigated.

Cheers,

SkyLined

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 63/raM/6102/erusolcsidlluf/gro.stsilces

Read:1100 | Comments:0 | Tags:No Tag

“Microsoft Edge CDOMTextNode::get_data type confusion”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud