Latest YouTube Video

Saturday, December 3, 2016

[FD] CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free

Since November I have been releasing details on all vulnerabilities I found in web-browsers that I had not released before. I will try to continue to publish all my old vulnerabilities, including those not in web-browser, as long as I can find some time to do so. If you find this information useful, you can help me make some time available by donating bitcoin to 183yyxa9s1s1f7JBp­PHPmz­Q346y91Rx5DX. This is the twenty-fourth entry in the series. This information is available in more detail on my blog at http://ift.tt/2gZr7Ix. There you can find a repro that triggered this issue in addition to the information below. Today's release is interesting to me personally, as this was the first bug I sold as a bug bounty hunter after I quit my job at Google to live off security bug bounties. Unfortunately, this was quite some time ago, before I had proper tools or incentive to analyze the issues I was finding, so there aren't many details in this release. Follow me on http://twitter.com/berendjanwever for daily browser bugs. MSIE 9 CDoc::ExecuteScriptUri use-after-free ========================================== (MS13-009, CVE-2013-0019) Synopsis

Source: Gmail -> IFTTT-> Blogger

No comments: