CVE-2016-0189
Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)
Tested on Windows 10 IE11.
Write-up
http://theori.io/research/cve-2016-0189
To run
- Download
support/*.dll
(or compile *.cpp for yourself) andexploit/*.html
to a directory. - Serve the directory using a webserver (or python's simple HTTP server).
- Browse with a victim IE to
vbscript_bypass_pm.html
. - (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)