### Exploitation
Exploitation of this vulnerability requires a user to visit a page containing specially crafted JavaScript. Users can generally be lured to visit web pages via email, instant message or links on the internet. Vulnerabilities like this are often hosted on legitimate websites which have been compromised by other means. The following debugger output shows some cursory debug information:
```
(ee0.e00): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0b7eaef8 ebx=03cb8ef8 ecx=03cb8ef8 edx=08d49ef0 esi=007c9fc0 edi=05aac2e8
eip=6f96f0d4 esp=05aac25c ebp=05aac2bc iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
UIAnimation!UI::Animation2::CManager::StoryboardLoopIterationChanged+0x20:
6f96f0d4 894834 mov dword ptr [eax+34h],ecx ds:0023:0b7eaf2c=????????
1:018> k
ChildEBP RetAddr
05aac258 6f973ec7 UIAnimation!UI::Animation2::CManager::StoryboardLoopIterationChanged+0x20
05aac2bc 6f978627 UIAnimation!UI::Animation2::CStoryboard::LocalTimeFromStoryboardTime+0x209
05aac328 6f976d00 UIAnimation!UI::Animation2::CVariableTracker::Update+0x71
05aac37c 6f973114 UIAnimation!UI::Animation2::CVariable::Update+0x23c
05aac3a8 6f97093f UIAnimation!UI::Animation2::CStoryboard::Update+0x42
05aac438 6f970600 UIAnimation!UI::Animation2::CManager::UpdateCore+0x1f0
05aac470 6f96da19 UIAnimation!UI::Animation2::CManager::UpdateInstrumented+0x222
05aac4a8 6a03486a UIAnimation!UI::Animation2::CManager::Update+0x5a
05aac4d4 6a034566 MSHTML!CAnimationManager::Update+0x5c
05aac4e8 69e93a7c MSHTML!CAnimationManager::OnTimer+0x22
05aac548 69e14a42 MSHTML!CPaintBeat::ProcessTimers+0x3d2
05aac58c 69fefefc MSHTML!CPaintBeat::OnBeat+0x348
05aac5ac 69fefea3 MSHTML!CPaintBeat::OnPaintTimer+0x48
05aac5c8 69e14dcb MSHTML!CContainedTimerSink<CPaintBeat>::OnTimerMethodCall+0xdb
05aac628 69ded10a MSHTML!GlobalWndOnPaintPriorityMethodCall+0x16c
05aac678 75dcc4b7 MSHTML!GlobalWndProc+0x123
```
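A small triage helper for the debugger output above, added here as an illustration and not part of the original advisory: it recomputes the write target from the register dump and finds where the call chain crosses from MSHTML into UIAnimation. The name `triage` and the embedded excerpt (copied from the output above) are assumptions of this example.

```python
import re

# Excerpt copied from the debugger output above (registers, faulting
# instruction, and three of the stack frames).
CRASH = """\
(ee0.e00): Access violation - code c0000005 (first chance)
eax=0b7eaef8 ebx=03cb8ef8 ecx=03cb8ef8 edx=08d49ef0 esi=007c9fc0 edi=05aac2e8
eip=6f96f0d4 esp=05aac25c ebp=05aac2bc iopl=0 nv up ei pl nz na po nc
6f96f0d4 894834 mov dword ptr [eax+34h],ecx ds:0023:0b7eaf2c=????????
05aac258 6f973ec7 UIAnimation!UI::Animation2::CManager::StoryboardLoopIterationChanged+0x20
05aac4a8 6a03486a UIAnimation!UI::Animation2::CManager::Update+0x5a
05aac4d4 6a034566 MSHTML!CAnimationManager::Update+0x5c
"""

INSN = re.compile(r"^[0-9a-f]{8} [0-9a-f]+ mov .*?\[(e\w\w)\+([0-9a-f]+)h\],\w+ "
                  r"\w\w:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)$", re.M)
FRAME = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} (\w+)!(\S+)\+0x[0-9a-f]+$", re.M)

def triage(text):
    """Summarise a 32-bit WinDbg access-violation dump (hypothetical helper)."""
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    base, disp, shown, value = INSN.search(text).groups()
    target = regs[base] + int(disp, 16)          # effective address of the operand
    frames = FRAME.findall(text)                 # [(module, symbol), ...], innermost first
    fault_mod = frames[0][0]
    # First frame outside the faulting module: where the host calls into it.
    caller = next(f for f in frames if f[0] != fault_mod)
    return {
        "code": re.search(r"code ([0-9a-f]{8})", text).group(1),
        "access": "write",                       # INSN only matches a memory destination
        "target": target,
        "matches_debugger": target == int(shown, 16),
        "unmapped": set(value) == {"?"},         # WinDbg prints ? for unreadable memory
        "fault": "!".join(frames[0]),
        "entered_from": "!".join(caller),
    }

if __name__ == "__main__":
    for key, val in triage(CRASH).items():
        print(f"{key:17} {hex(val) if key == 'target' else val}")
```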
The following HTML proof of concept code can be used to reproduce the vulnerability:

