| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 31 Jan 2006 18:15:30 -0000 From: porkythepig@...pi.pl To: bugtraq@...urityfocus.com Subject: Internet Explorer remotely exploitable vulnerability in JScript's document.write() method There is a remotely exploitable vulnerability in the Internet Explorer in the JScripting/Flash plugin section. The problem lies in bad scripting of document.write() method being executed trough VBscript procedure triggered from ActionScript code within the crafted flash animation. While exiting the IExplorer's jscript.dll call it causes a null pointer assignment in IE leading to the memory access violation and browser crash. The following configurations has been tested and found vulnerable: Windows 2000 sp4 with all MS patches Windows XP sp2 Windows XP64 Windows 98 SE An example DoS exploit exists at: http://www.anspi.pl/~porkythepig/iedown.html and also by clicking the right bottom at: http://www.anspi.pl/~porkythepig/index.html Remote code execution possibility hasn't been verified yet , but it still may exist. Vulnerability found and DoS exploit built by: porkythepig contact: porkythepig@...pi.pl
Powered by blists - more mailing lists