HTTP: Microsoft Edge Chakra Array.shift Type Confusion

This signature detects attempts to exploit a known vulnerability in Microsoft Edge's scripting engine Chakra. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Extended Description

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

Short Name
HTTP:STC:IE:CHAKRA-ARRAY-SHIFT
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Array.shift CVE-2016-7201 Chakra Confusion Edge Microsoft Type
Release Date
12/13/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3831
False Positive
Unknown
CVSS Score

7.6

Found a potential security threat?