CVE-2016-3247

HIGH

Microsoft Edge and Internet Explorer 11 - Remote Code Execution or Denial of Service via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3247. PoCs published by Skylined.

AI-analyzed exploit summary This exploit demonstrates an integer underflow in Microsoft Edge's CTextExtractor::GetBlockText, leading to an out-of-bounds read. The PoC uses a heap spray technique to allocate memory at a specific offset to prevent a crash, proving the vulnerability's exploitability.

Description

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/40797

View Code ZIP pw:eip

This exploit demonstrates an integer underflow in Microsoft Edge's CTextExtractor::GetBlockText, leading to an out-of-bounds read. The PoC uses a heap spray technique to allocate memory at a specific offset to prevent a crash, proving the vulnerability's exploitability.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Complex

Reliability

Theoretical

Target: Microsoft Edge 11.0.10240.16384

No auth needed

Prerequisites: Target must visit a specially crafted web page

MITRE ATT&CK