Hello everyone, I've recently released examples on twitter of how to trigger two security vulnerabilities in Microsoft Internet Explorer. These issue were discovered last year and reported to Microsoft through ZDI. Microsoft release security updates to address these issues last Tuesday. ====== CVE-2016-0061: https://twitter.com/berendjanwever/status/697819335574843394 MSHTML Form element id type confusion CVE-2016-0061 ZDI-16-162 MS16-009
====== CVE-2016-0063: https://twitter.com/berendjanwever/status/697818121835581441 DOMImplementation method type confusion CVE-2016-0063 ZDI-16-166 MS16-009 (part 1/2) (part 2/2) ====== Both were found through fuzzing inspired by Michal Zalewski's cross_fuzz http://lcamtuf.blogspot.nl/2011/01/announcing-crossfuzz-potential-0-day-in.html Cheers, SkyLined