Vendor: Edge
By: theori-io
CVSS: 9.3 (HIGH)
CWE: 843 (Type Confusion)
Product Name: Edge
Affected Version From: Edge
Affected Version To: Edge
Patch Exists: YES
Related CWE: CVE-2016-7200 & CVE-2016-7201
CPE: a:microsoft:edge
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10
2016

chakra.dll Info Leak + Type Confusion for RCE

Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201). Tested on Windows 10 Edge (modern.ie stable).

FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe

FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.

Exploit-DB raw data:

Source: https://github.com/theori-io/chakra-2016-11

Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40990.zip


chakra.dll Info Leak + Type Confusion for RCE

Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)

Tested on Windows 10 Edge (modern.ie stable).

FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe

FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)

To run:

1. Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
2. Serve the directory using a webserver (or Python's simple HTTP server).
3. Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.