Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet | Fortinet Blog

This month Microsoft patched two vulnerabilities which were discovered and reported by me, one is an information disclosure vulnerability in Internet Explorer (IE) (CVE-2016-0059 in MS16-009), the other is a memory corruption vulnerability in Microsoft Office (CVE-2016-0055 in MS16-015). In this blog, we will provide in-depth analysis of CVE-2016-0059. The vulnerability exists because Microsoft Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker must convince a user to either click a link in an email message or open an Office file, and then click a link in the file. 

In my original vulnerability report to Microsoft, I marked the vulnerability as Microsoft Office Excel heap overflow vulnerability. Because the vulnerability actually lies in the library hlink.dll (Microsoft Hyperlink Object Library) which is a component in Internet Explorer, Microsoft classifies it as Internet Explorer information disclosure vulnerability. In this blog, I still use Microsoft Office to demonstrate and analyze this vulnerability.   

Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet | Fortinet Blog