CVE-2016-0189 PoC — Microsoft JScript和VBScript脚本引擎内存损坏漏洞

Source

https://github.com/theori-io/cve-2016-0189

Associated Vulnerability

Title:Microsoft JScript和VBScript脚本引擎内存损坏漏洞 (CVE-2016-0189)
Description:Microsoft Internet Explorer（IE）是美国微软（Microsoft）公司开发的一款Web浏览器，是Windows操作系统附带的默认浏览器。JScript是其中的一种解释性的基于对象的脚本语言。VBScript（全称Visual Basic Script）是其中的一种脚本语言，也是ASP动态网页默认的编程语言。在Microsoft IE中处理内存中的对象时，Microsoft Jscript和VBScript的呈现方式存在远程执行代码漏洞。远程攻击者可利用该漏洞在当前用户的上下文

Description

Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)

Readme

# CVE-2016-0189
Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)

Tested on Windows 10 IE11.

### Write-up
http://theori.io/research/cve-2016-0189

### To run
1. Download `support/*.dll` (or compile \*.cpp for yourself) and `exploit/*.html` to a directory.
2. Serve the directory using a webserver (or python's simple HTTP server).
3. Browse with a victim IE to `vbscript_bypass_pm.html`.
4. (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)

File Snapshot


 [4.0K]  /data/pocs/6a2a0f41066382e1ac133215a3372d9805c9a9a6
├── [4.0K]  exploit
│   ├── [7.8K]  vbscript_bypass_pm.html
│   └── [3.8K]  vbscript_godmode.html
├── [1.1K]  LICENSE
├── [ 494]  README.md
└── [4.0K]  support
    ├── [3.7K]  ielocalserver.cpp
    ├── [ 74K]  ielocalserver.dll
    ├── [ 937]  ieshell32.cpp
    └── [ 68K]  ieshell32.dll

2 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!