Hey,

Last Tuesday, Microsoft fixed a security issue in Microsoft Edge that I was aware of, but had not had time to report (i.e. I was waiting for vulnerability contributor programs to look over my analysis and make me an offer for the information). Since this issue has been fixed, I have published my analysis on my blog: http://blog.skylined.nl/20160310001.html

In short: specially crafted JavaScript inside an HTML page can trigger a type confusion bug in Microsoft Edge that allows accessing a C++ object as if it were a BSTR string. This can result in information disclosure, such as allowing an attacker to determine the value of pointers to other objects and/or functions. This information can be used to bypass ASLR mitigations. It may also be possible to modify arbitrary memory and achieve remote code execution, but this was not investigated.

Cheers,

SkyLined

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/