CVE-2019-0567 PoC — Microsoft Edge和ChakraCore 缓冲区错误漏洞

Source

https://github.com/NatteeSetobol/CVE-2019-0567-MS-Edge

Associated Vulnerability

Title:Microsoft Edge和ChakraCore 缓冲区错误漏洞 (CVE-2019-0567)
Description:Microsoft Windows 10等都是美国微软（Microsoft）公司发布的一系列操作系统。Edge是其中的一个系统附带的浏览器。ChakraCore是使用在Edge的一个开源的JavaScript引擎的核心部分，也可作为单独的JavaScript引擎使用。 Microsoft Edge和ChakraCore中存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，损坏内存。以下系统版本受到影响：Microsoft Windows 10，Windows 10版本1607，W

Description

My proof of concept for CVE-2019 Microsoft-Edge

Readme

CVE-2019-0567-MS-Edge POC


A Proof a concept for MS Edge in as an exercise to learn browser exploiting and migrations that are presented on the Windows 10 machine. All code were created by Connor McGarr and
edited to work on Windows 10 build 15063.483.

shell2js.py
My personal script to convert msfvemon C payload to the javascript payload format.


[Proof of concept video](https://www.youtube.com/watch?v=Uy8yiMQOV6s)


Connor McGarr Blog:

https://connormcgarr.github.io/type-confusion-part-3/

File Snapshot


 [4.0K]  /data/pocs/353708e4906c575912e1a574b46854625ff4b078
├── [ 80K]  poc.html
├── [ 499]  README.md
└── [1.3K]  shell2js.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!