Proof of Concept code for a Remote Code Execution via Microsoft Edge gets published online
1 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
A new Proof of Concept code of a Remote Code Execution has been published online. The POC demonstrates a memory corruption bug in Microsoft’s Edge web browser. The code was published today by a researcher who discovered the bug a while back.
The bug which has now be fixed by Microsoft affects Chakra which is the JavaScript engine powering Edge. The bug would allow an attacker to run on the machine arbitrary code with the same privileges as the logged user. The proof-of-concept code has 71 lines and results in an out-of-bounds (OOB) memory read leak but it can be re-engineered for more harmful outcomes.
I published the PoC for CVE-2018-8629: a JIT bug in Chakra fixed in the latest security updates. It resulted in an (almost) unbounded relative R/W https://t.co/47TIYtVB8f
— Bruno (@bkth_) December 27, 2018
Microsoft has addressed this issue in the December patch and it’s highly recommended that users install the latest cumulative updates to make sure they are safe from attacks.
Via: Bleeping Computer
