## https://sploitus.com/exploit?id=D3C54F51-33F6-5430-A623-292AF0B3AB30
# CVE-2024-29943
A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE.
Reproducing CVE-2024-29943 for Windows, based on [https://github.com/bjrjk/CVE-2024-29943](https://github.com/bjrjk/CVE-2024-29943)
## Modifications
The original exploit is written for Linux, so I attempted to reproduce it on Windows.
- [Exploit_8.js](./Exploit_8.js) - Modified version using Uint8Array to reduce RAM consumption (~ 10GB)
- [Exploit_64.js](./Exploit_64.js) - Original BigUint64Array method (~ 20GB)
## Demo
[Demo.mp4](Demo.mp4)
## Reproduce Information
- Version: [FIREFOX_124_0_RELEASE](https://github.com/mozilla-firefox/firefox/tree/FIREFOX_124_0_RELEASE)
- Operating System: Windows 11 Pro (Build 26100)
- Architecture: amd64
- Command Line Arguments: `./js.exe --spectre-mitigations=off Exploit_8.js`
## Credits
Original research and exploit by [bjrjk](https://github.com/bjrjk/CVE-2024-29943)
## Disclaimer
This repository is intended solely for educational purposes and must not be used for any malicious activities.