Double kill vulnerability
- Danger level: high risk
- Danger performance: Use 0day vulnerability to carry out APT attacks on IE kernel browser and office.
- Scope of influence: the latest version of IE browser and applications that use IE core
- Official introduction: CVE-2018-8174
- Vulnerability information: The 0day vulnerability uses multiple UAFs to complete type confusion, completes arbitrary address reading and writing by forging an array object, and finally obtains code execution by constructing the object and releasing it. Code execution does not use traditional ROP or GodMod, but uses script layout Shellcode for stable use.