theori-io / jscript9-typedarray-cfg Public

Notifications You must be signed in to change notification settings
Fork 22
Star 37

Proof-of-Concept exploit for jscript9 bug (MS16-063) with CFG Bypass

37 stars 22 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
exploit		exploit
LICENSE		LICENSE
README.md		README.md

Repository files navigation

jscript9.dll TypedArray/DataView Memory Corruption

Proof-of-Concept exploit for jscript9 bug (MS16-063) w/ CFG bypass

Tested on Windows 10 IE11 (modern.ie).

Write-up

http://theori.io/research/chakra-jit-cfg-bypass

To run

Download exploit/jscript_win10_jit.html to a directory.
Serve the directory using a webserver (or python's simple HTTP server).
Browse with a victim IE to jscript_win10_jit.html.
(Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)

About

Proof-of-Concept exploit for jscript9 bug (MS16-063) with CFG Bypass

Custom properties

Report repository

Releases

No releases published

Packages

No packages published

Languages

HTML 100.0%