Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%

CVE-2017-11907 PoC — Microsoft Windows Internet Explorer scripting引擎安全漏洞

Source
Associated Vulnerability
Title:Microsoft Windows Internet Explorer scripting引擎安全漏洞 (CVE-2017-11907)
Description:Microsoft Windows 7 SP1等都是美国微软(Microsoft)公司发布的操作系统。Internet Explorer(IE)是一款Windows操作系统附带的Web浏览器。scripting engines是其中的一个JavaScript引擎组件。 Microsoft Windows中的IE 9、10和11的scripting引擎存在远程代码执行漏洞,该漏洞源于程序没有正确的访问内存中的对象。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码,损坏内存。以下版本受到影响:Micro
Description
Windows: heap overflow in jscript.dll in Array.sort
Readme
# CVE-2017-11907

aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript

https://googleprojectzero.blogspot.jp/2017/12/apacolypse-now-exploiting-windows-10-in_18.html

Windows: heap overflow in jscript.dll in Array.sort

https://bugs.chromium.org/p/project-zero/issues/detail?id=1383
File Snapshot

[4.0K] /data/pocs/2c6dc37552644c209e6c92b91cbeb1d012c7966b ├── [4.0K] OxidResolver.NoStdLib.Compile.With.Sizeoptimized │   ├── [4.0K] OxidResolver │   │   ├── [ 15K] OxidResolver.cpp │   │   ├── [ 11K] OxidResolver.vcxproj │   │   ├── [1.5K] OxidResolver.vcxproj.filters │   │   ├── [ 165] OxidResolver.vcxproj.user │   │   ├── [ 23K] resolver_c.c │   │   ├── [5.2K] resolver_h.h │   │   ├── [3.1K] resolver.idl │   │   ├── [ 19K] resolver_s.c │   │   ├── [ 304] stdafx.cpp │   │   ├── [ 327] stdafx.h │   │   └── [ 314] targetver.h │   ├── [1.8K] OxidResolver.sln │   └── [ 59] README.md ├── [ 423] PoC_for_IE.js ├── [ 313] README.md └── [ 66K] wpad.dat 2 directories, 16 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.