February 10, 2015
Bi-level TIFFs and the tale of the unexpectedly early patch
Today's release of MS15-016 (CVE-2015-0061) fixes another in the series of browser memory disclosure bugs found with afl-fuzz - this time, related to the handling of bi-level (1-bpp) TIFFs in Internet Explorer (yup, MSIE displays TIFFs!). You can check out a simple proof-of-concept here, or simply enjoy this screenshot of eight successive renderings of the same TIFF file: