Changes

| Subscripted TIME$/DATE$ allow write access to DATA/BSS

| Subscripted TIME$/DATE$ allow write access to DATA/BSS

| Utf-16 characters can be assigned to subscripted TIME$/DATE$ interpreter sysvars which results in write-only access to all of DATA and some BSS in userland.

| Utf-16 characters can be assigned to subscripted TIME$/DATE$ interpreter sysvars which results in write-only access to all of DATA and some BSS in userland.

TIME$[0]/DATE$[0] actually point to somewhere in rodata, and an overly large subscript can be used to write well past it and into the aforementioned areas.

TIME$[0]/DATE$[0] actually point to somewhere in rodata, and an overly large subscript can be used to write well past it and into the aforementioned areas. Demo [https://github.com/zoogie/smilehax-IIe here.]

| App: 3.6.2 (3.6.0 latest for US/EU, JP appvers. can be downgraded)

| App: 3.6.2 (3.6.0 latest for US/EU, JP appvers. can be downgraded)

| System: [[11.13.0-45]].

| System: [[11.13.0-45]].

| April 2020

| April 2020

| February 2020

| February 2020

| bug publicly documented [https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fsmilebasic.com%2Fdebug%2Farchive%2F here]

| bug publicly documented [https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fsmilebasic.com%2Fdebug%2Farchive%2F here.]

Exploited by Zoogie

Exploited by Zoogie

|-

|-