This repository contains PoCs for type confusion vulnerabilities in the ChakraCore engine used by Microsoft Edge (EdgeHTML version, not Chromium-based Edge).

The PoCs inject dummy code (specifically an int 3 followed by nop) into a Just-In-Time (JIT) compilation process.

To verify the PoCs, attach a debugger to a JIT compilation process (one of the MicrosoftEdgeCP.exe processes) and execute the PoCs.

• Windows 10 Version 1703 (OS Build 15063.0)

• CVE-2019-0567
  • InitProto
  • NewScObjectNoCtor
• CVE-2019-0539
• CVE-2018-8617

• Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability
• CVE-2019-0539 to Remote Code Execution (RCE)
• Bypassing Mitigations by Attacking JIT Server in Microsoft Edge