Read the original article: Crash Reproduction Series: IE Developer Console UAF
During a DFIR investigation, using ZecOps Crash Forensics on a developer’s computer we encountered a consistent crash on Internet Explorer 11. The TL;DR is that albeit this bug is not exploitable, it presents an interesting expansion to the attack surface through the Developer Consoles on browsers.
While examining the stack trace, we noticed a JavaScript engine failure. The type of the exception was a null pointer dereference, which is typically not alarming. We investigated further to understand whether this event can be exploited.
Continue reading Crash Reproduction Series: IE Developer Console UAF at ZecOps Blog.
Read the original article: Crash Reproduction Series: IE Developer Console UAF