Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3330.
Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3330.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw relates to how Edge handles text nodes within HTML documents. By manipulating a document's elements an attacker can force a Tree::TextNode object in memory to be reused as a Tree::ANode object after it has already been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
