""ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type Confusion Inbound M1 (CVE-2018-8617)""

SID: 2033782

Revision: 1

Class Type: attempted-admin

Metadata: attack_target Client_Endpoint, created_at 2021_08_25, cve CVE_2018_8617, deployment Perimeter, signature_severity Major, tag Exploit, updated_at 2021_08_25

Reference:

• cve

• 2018-8617

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,from_server

Contents:

• Value: "200"

• Value: "function"

• Value: "Object.prototype.push = Array.prototype.push"

• Value: ".push|28|"

Within:

PCRE: "/^\s(?P[\w-]{1,20})((?P[\w-]{1,20})\s,\s(?P[\w-]{1,20}).{1,300}(?:(?P=var_a).(?P=var_b)|(?P=var_b).(?P=var_a))\s=\s\d+\x3b\s(?:(?P=var_a)|(?P=var_b)).push(\d+)\x3b\s(?:(?P=var_a).(?P=var_a)|(?P=var_b).(?P=var_b))\s=\s0x.{1,300}Object.prototype.push\s=\sArray.prototype.push\x3b\sfor\s(\slet\s(?P[\w-]{1,20})\s=\s\d{1,8}\s\x3b\s(?P=counter)\s(?:<|>)\s(?:0x)?\d{2,}\s\x3b\s(?P=counter)(?:+{2}|-{2})).{1,300}let\s(?:(?P=var_a)|(?P=var_b))\s=\s{(?:(?P=var_a):\s\d+\s,\s(?P=var_b):\s\d+|(?:(?P=var_b):\s\d+\s,\s(?P=var_a):\s\d+))}\x3b.{1,300}(?P=func_opt)((?:(?P=var_a)|(?P=var_b)),\s{}.{1,300}let\s(?P[\w-]{1,20})\s=\s{(?:(?P=var_a):\s\d+\s,\s(?P=var_b):\s\d+|(?:(?P=var_b):\s\d+\s,\s(?P=var_a):\s\d+))}.{1,300}(?P=func_opt)((?P=var_o)/Rs"

Special Options:

• http_stat_code

• file_data

• fast_pattern

source