Latest YouTube Video

Friday, December 9, 2016

[FD] CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details

Since November I have been releasing details on all vulnerabilities I found that I have not released before. This is the twenty-eighth entry in the series. This information is available in more detail on my blog at http://ift.tt/2h6tCJS. There you can find a repro that triggered this issue in addition to the information below. Today's release is again not very interesting, because it also was one of the first bugs I found and reported back in 2012, before I had developed the tools and skills to properly analyze MSIE bugs. This report is therefore very scarce in information. I did get some more details from EIP about the root cause, which I've included. If you find this information useful, and would like to help me make time to continue releasing this kind of information, you can make a donation in bitcoin to 183yyxa9s1s1f7JBp­PHPmz­Q346y91Rx5DX. Follow me on http://twitter.com/berendjanwever for daily browser bugs. MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free ========================================================= (MS13-037, CVE-2013-1306) Synopsis

Source: Gmail -> IFTTT-> Blogger

No comments: