vendor:
Chakra
by:
Fahad Aid Alharbi
7.5
CVSS
HIGH
Type Confusion
119
CWE
Product Name: Chakra
Affected Version From: Chakra 1_11_4
Affected Version To: Chakra 1_11_4
Patch Exists: NO
Related CWE: CVE-2019-0539
CPE: a:microsoft:chakra:1_11_4
Platforms Tested: Windows 10
2019
getting Read permission through Type Confusion
This exploit demonstrates how to gain read permission through type confusion. It takes advantage of a vulnerability in the Chakra version 1_11_4. By manipulating the object properties and using a specific ArrayBuffer, the exploit sets up a read operation on a target ArrayBuffer.
Mitigation:
Apply the latest patches and updates from the vendor. Additionally, ensure that all user inputs are properly validated and sanitized.