Here is a nice example why it is worth to browse stackoverflow.com for crash reports. Recently i stumbled upon this post:
http://stackoverflow.com/questions/28114732/internet-explorer-11-crashes-when-angulars-http-post-is-used-with-large-complex
I checked it out and as for today (22 Jun 2015) it crashes the latest Internet Explorer 11. The crash log looks interesting:
The proof of concept from the post is huge so i decided to downsize it a bit and here it is:
Certainly more readable. As usual maybe someone will find it useful.
From one of the comments in the stackoverflow discussion, we can see that Microsoft is already looking into it (23 Jan 2015).
Update:
The bug was patched in the July 2015 MS Bulletin (probably this one MS15-065 - CVE-2015-2419)
Update #2:
Great in-depth analysis of the bug by the guys from Checkpoint: http://blog.checkpoint.com/2016/02/10/too-much-freedom-is-dangerous-understanding-ie-11-cve-2015-2419-exploitation/
Showing posts with label CVE-2015-2419. Show all posts
Showing posts with label CVE-2015-2419. Show all posts
Subscribe to:
Posts (Atom)