Right. But your post shows that you can reliably get the browser to crash. It do... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

nbpoole on July 15, 2013 | parent | context | favorite | on: How I found CVE-2013-1310 in IE6 and IE7

Right. But your post shows that you can reliably get the browser to crash. It doesn't demonstrate that the crash is exploitable, unless I'm missing something.

yuhong on July 15, 2013 [–]

I was able to prove that it was potentially exploitable to MSRC, which is how I got them to fix it. There are a lot of non-exploitable crashes such as null pointer dereferences that MSRC will not consider as security bugs.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact