Proof-of-Concept exploit for jscript9 bug (MS16-063) with CFG Bypass
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

jscript9.dll TypedArray/DataView Memory Corruption

Proof-of-Concept exploit for jscript9 bug (MS16-063) w/ CFG bypass

Tested on Windows 10 IE11 (


To run

  1. Download exploit/jscript_win10_jit.html to a directory.
  2. Serve the directory using a webserver (or python's simple HTTP server).
  3. Browse with a victim IE to jscript_win10_jit.html.
  4. (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)