Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.
aa077e4edafafb5f0450fba78b760fed0bf732ec0cdb9114581b916849860c12
Microsoft Internet Explorer 11 32-bit use-after-free exploit.
715f4e66ac7e717f1179ef6435a0f8d36849e502441a50d530c010bc5966ed34
Microsoft Internet Explorer 11 use-after free exploit that triggers when Array.sort() is called with a comparator function. The two arguments are untracked by the garbage collector.
b856df963c2e5a28bdae4d1fcd184f26ef11dc132bc8c3968f8124b28ded68ce