lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 May 2005 16:24:34 +0200 From: "Benjamin Tobias Franz" <0-1-2-3@....de> To: <bugtraq@...urityfocus.com> Subject: Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005) Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005) Description: There is a bug in Microsoft Internet Explorer, which causes a crash in NTDLL.DLL. - ModName: ntdll.dll - ModVer: 5.1.2600.2180 - Offset: 00043151 The bug occurs, because Microsoft Internet Explorer can't handle many (> 110) stack overflows. On Windows 98 SE you will get an error in KERNEL32.DLL. Affected software: Microsoft Internet Explorer Workaround: Deactivate "Active Scripting" in the IE options menu. Proof-of-Concept exploit (Close all - zirka 110 - error messages.): <script> window.onerror=new Function("history.go(0)"); function btf(){btf();} btf(); </script> Date of discovery: 17. August 2003 Tested software: Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519) on a fully patched Windows XP SP2 system. DLL versions: MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Regards, Benjamin Tobias Franz Germany
Powered by blists - more mailing lists