1 post in archive

Analyzing CVE-2018-8653 with REVEN: Use-after-Free in Internet Explorer Scripting Engine

10 Mar 2020 by Luc - Technical - Use After Free UaF Reverse Engineering Garbage Collector Memory Management CVE Demo REVEN

In this post we will have a look at the proof of concept for CVE-2018-8653 that comes from a very interesting blog post from Philippe Laulheret et al. at MacAfee Labs. To summarize, the vulnerability exploits various seemingly innocent behaviors in Internet Explorer’s scripting engine (jscript.dll) to trigger a use-after-free...