
CVE-2016-7200 PoC — Microsoft Edge Scripting Engine Memory Corruption Vulnerability

Associated Vulnerability
Title: Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200)
Description: Microsoft Edge is a web browser developed by Microsoft Corporation and is the default browser shipped with Windows 10. A remote code execution vulnerability exists in the way the Microsoft Edge scripting engine handles objects in memory during rendering. An attacker who exploits it can execute arbitrary code in the context of the current user, or trigger a denial of service (memory corruption).
Description
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
Readme
# chakra.dll Info Leak + Type Confusion for RCE
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)

Tested on Windows 10 Edge (modern.ie stable).

FillFromPrototypes_TypeConfusion.html: full chain with a shellcode payload that calls WinExec("notepad.exe"); success is visible as a Notepad window spawned by the Edge content process

FillFromPrototypes_TypeConfusion_NoSC.html: same chain with no shellcode (NoSC); the payload is a single 0xCC (INT 3) breakpoint, so success shows up as a breakpoint exception under a debugger rather than as code execution

### To run
1. Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
2. Serve the directory using a webserver (or python's simple HTTP server).
3. Browse to `FillFromPrototypes_TypeConfusion.html` with a victim Edge browser (the target is Edge's chakra.dll, not Internet Explorer).
File Snapshot

[4.0K] /data/pocs/c2b7a787412dd22c070ab4f18ba44942e5edb316
├── [4.0K] exploit
│   ├── [ 11K] FillFromPrototypes_TypeConfusion.html
│   └── [6.5K] FillFromPrototypes_TypeConfusion_NoSC.html
├── [1.0K] LICENSE
└── [ 520] README.md

1 directory, 4 files