Advisory Details

March 8th, 2016

Microsoft Edge CAsyncTpWorker Use-After-Free Remote Code Execution Vulnerability

ZDI-16-177
ZDI-CAN-3408

CVE ID CVE-2016-0118
CVSS SCORE 5.1, (AV:N/AC:H/Au:N/C:P/I:P/A:P)
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Edge
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 21921. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the code that renders PDF documents. By supplying a malformed PDF document an attacker can cause Microsoft Edge to use a Infra::CAsyncTpWorker object in memory after it has been freed. An attacker can leverage this to execute arbitrary code under the context of the current process.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/en-us/library/security/MS16-028
DISCLOSURE TIMELINE
  • 2015-11-12 - Vulnerability reported to vendor
  • 2016-03-08 - Coordinated public release of advisory
CREDIT Jaanus Kp - Clarified Security
BACK TO ADVISORIES