Full title: Microsoft Internet Explorer WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read 
Category: dos / poc
Platform: windows
A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose information stored after this memory block. This includes Microsoft Internet Explorer.

# 0day.today @ http://0day.today/