HTTP: Microsoft Edge Chakra AsmJSByteCodeGenerator EmitCall Type Confusion
This signature detects a Web page containing specific JavaScript code. This code can cause type confusion within Microsoft Edge Chakra. A successful exploitation would allow the attacker to gain sensitive information.
Extended Description
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.
Affected Products
Microsoft chakracore
References
BugTraq: 102389
CVE: CVE-2018-0780
URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1433 https://cwe.mitre.org/data/definitions/843.html
Short Name
HTTP:STC:IE:CVE-2018-0780-MC
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
AsmJSByteCodeGenerator CVE-2018-0780 Chakra Confusion Edge EmitCall Microsoft Type bid:102389
Release Date
02/15/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3797
False Positive
Unknown
Vendors
Microsoft
CVSS Score
2.6