Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the eight entry in that series, although this particular vulnerability does not just affect web-browsers, but all applications that use WININET to make HTTP requests. The below information is available in more detail on my blog at http://blog.skylined.nl/20161110001.html. There you can find a repro that triggered this issue in addition to the information below. Follow me on http://twitter.com/berendjanwever for daily browser bugs. WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read ============================================================= (MS16-105, CVE-2016-3325) Synopsis
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment