Microsoft Internet Explorer 11 use-after free exploit that triggers when Array.sort() is called with a comparator function. The two arguments are untracked by the garbage collector.
Microsoft Internet Explorer 11 use-after free exploit that triggers when Array.sort() is called with a comparator function. The two arguments are untracked by the garbage collector.