Monday 22 June 2015

Browsing stackoverflow for interesting crashes - Microsoft Internet Explorer 11

Here is a nice example why it is worth to browse stackoverflow.com for crash reports. Recently i stumbled upon this post:
http://stackoverflow.com/questions/28114732/internet-explorer-11-crashes-when-angulars-http-post-is-used-with-large-complex

I checked it out and as for today (22 Jun 2015) it crashes the latest Internet Explorer 11. The crash log looks interesting:
The proof of concept from the post is huge so i decided to downsize it a bit and here it is:
Certainly more readable. As usual maybe someone will find it useful.

From one of the comments in the stackoverflow discussion, we can see that Microsoft is already looking into it (23 Jan 2015).

Update:

The bug was patched in the July 2015 MS Bulletin (probably this one MS15-065 - CVE-2015-2419)

Update #2:

Great in-depth analysis of the bug by the guys from Checkpoint: http://blog.checkpoint.com/2016/02/10/too-much-freedom-is-dangerous-understanding-ie-11-cve-2015-2419-exploitation/

Sunday 7 June 2015

Microsoft Internet Explorer 11 Crash PoC

A test case that looked interesting at first, but most likely it is only a null ptr. Anyway you can find the proof of concept below.

It was tested on Windows 7 and 8.1, doesnt crash on older versions of IE as the faulty code was introduced in IE11.