2015年12月

时隔六个月,MS15-124 FIXED

我之前报告的(http://www.nul.pw/2015/06/03/90.html)IE10的漏洞已经在2015-12补丁中修复。

Internet Explorer Memory Corruption Vulnerability,CVE-2015-6162

该漏洞实际上是一个CTreeNode的Use after free。

Timeline:
2015/06/09 Found the problem.
2015/07/29 Send report to MSRC
2015/08/03 Microsoft confirmed the vunlerability
2015/08/03 CVE assigned
2015/09/03 Request for the progress
2015/09/04 Repairing in progress
2015/11/12 Repair complete, ask for acknowledgement
2015/12/09 The patch was released.

Acknowledgment (https://technet.microsoft.com/zh-cn/library/security/dn903755.aspx):
MS15-124 Internet Explorer Memory Corruption Vulnerability CVE-2015-6162 Wenxiang Qian of TencentQQBrowser