#DailyBug #MSIE9 MSHTML CAttrArray use-after-free
Details and repro in my blogpost at http://blog.skylined.nl/20161101001.html …
-
-
ah yes, need to check my notes to be sure, but looks similar indeed. Damn bug collisions ;-)
-
Is this due to you guys using similar processes for finding bugs or is it a "vulns are sparse" moment?
-
There's bound to be a bit of both involved every time bugs collide and it's not possible to quantify how much of each
-
It would provide useful input if you both revealed how you found this same bug :) AFL, manual, custom fuzzer?
-
AFL on MSIE DOM in 2014 is not likely and manually checking DOM APIs is not a realistic approach, so guess what :)
-
Well if you guys happened to have built a similar custom fuzzer, agree to use opposite order of testing :)