Friday, December 9, 2016

[FD] CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC

Since November I have been releasing details on all vulnerabilities I found in web-browsers that I had not released before. I will try to continue to publish all my old vulnerabilities, including those not in web-browsers, as long as I can find some time to do so. If you find this information useful, you can help me make more time available by donating bitcoin to 183yyxa9s1s1f7JBpPHPmzQ346y91Rx5DX.

This is the twenty-sixth entry in the series. This information is available in more detail on my blog at http://ift.tt/2gLoBso. There you can find repros that triggered this issue in addition to a Proof-of-Concept exploit, as well as the information below.

Today's release is interesting, in part because it is an odd vulnerability that I've not seen before or since: it's like a stack-based use-after-free. The time-line is also interesting in that ZDI first did not believe it to be exploitable and EIP thought it was a duplicate of a bug they had already reported to Microsoft. Both turned out to be wrong. Then I reported it to iDefense as well, who accidentally sent the details over plain-text email, causing ZDI to reject my submission for fear of the bug leaking to the public. Luckily for me, iDefense did end up acquiring the bug.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE jscript9 JavaScriptStackWalker memory corruption
=====================================================
(MS15-056, CVE-2015-1730)

Synopsis
