CVE-2016-7200

This exploit leverages a type confusion vulnerability in Chakra's Array.filter implementation, where a variable array is incorrectly treated as an integer array, leading to heap corruption and information leakage. The PoC demonstrates both memory corruption and out-of-bounds writes.

This exploit leverages a type confusion vulnerability (CVE-2016-7200) and an information leak (CVE-2016-7201) in ChakraCore to achieve remote code execution. It demonstrates the exploitation by launching notepad.exe via WinExec.

This repository contains a functional exploit for CVE-2016-7200 and CVE-2016-7201, targeting Microsoft Edge's Chakra JavaScript engine. The exploit leverages an info leak and type confusion vulnerability to achieve remote code execution (RCE), demonstrated by launching notepad.exe or triggering an INT 3 breakpoint.