Posted by Berend-Jan Wever on Nov 10

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
eight entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161110001.html. There you can find a repro
that triggered…