Title: Delving deep into VBScript
Published: Tue, 03 Jul 2018 13:00:13 +0000
Description: In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability.
Read full article on SECURELIST.COM