Hey, Last Tuesday, Microsoft fixed a security issue in Microsoft Edge that I was aware of, but had not had time to report. (i.e. I was waiting for vulnerability contributor programs to look over my analysis and make me an offer for the information). Since this issue has been fixed, I have published my analysis on my blog <http://blog.skylined.nl/20160310001.html> at http://blog.skylined.nl/20160310001.html. In short: Specially crafted Javascript inside an HTML page can trigger a type confusion bug in Microsoft Edge that allows accessing a C++ object as if it was a BSTR string. This can result in information disclosure, such as allowing an attacker to determine the value of pointers to other objects and/or functions. This information can be used to bypass ASLR mitigations. It may also be possible to modify arbitrary memory and achieve remote code execution, but this was not investigated. Cheers, SkyLined
