Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)
Tested on Windows 10 IE 11.
https://www.deamwork.com/archives/patch-analysis-of-cve-2016-0189.orz6
- Download
support/*.dll
(or compile *.cpp for yourself) andexploit/*.html
to a directory. - Serve the directory using a webserver (or python's simple HTTP server).
- Browse with a victim IE to
vbscript_bypass_pm.html
. - (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)