Proof-of-Concept exploit for jscript9 bug (MS16-063)
Tested on Windows 7 IE11 (modern.ie).
http://theori.io/research/jscript9_typed_array
- Download exploit/jscript_win7.html to a directory.
- Serve the directory using a webserver (or python's simple HTTP server).
- Browse with a victim IE to
jscript_win7.html. - (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)