Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2016-0189 PoC — Microsoft JScript和VBScript脚本引擎内存损坏漏洞

Source
https://github.com/deamwork/MS16-051-poc
Associated Vulnerability
Title:Microsoft JScript和VBScript脚本引擎内存损坏漏洞 (CVE-2016-0189)
Description:The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
Description
对CVE-2016-0189漏洞补丁的分析
Readme
# CVE-2016-0189
Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)

Tested on Windows 10 IE 11.

### Write-up
https://www.deamwork.com/archives/patch-analysis-of-cve-2016-0189.orz6

### To run
1. Download `support/*.dll` (or compile \*.cpp for yourself) and `exploit/*.html` to a directory.
2. Serve the directory using a webserver (or python's simple HTTP server).
3. Browse with a victim IE to `vbscript_bypass_pm.html`.
4. (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →