lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: SkyLined at edup.tudelft.nl (Berend-Jan Wever)
Subject: Internet Explorer Remote Null Pointer Crash(mshtml.dll)

Doesn't look like a null pointer to me, especially since it crashes while
reading 800c0005...
I think it's a format string vulnerability, causing ntdll.RtlFormatMessage
to call ntdll._snwprintf with your href. Might be exploitable, I'll have a
look...

Cheers,
SkyLined
----- Original Message ----- 
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "vulnwatch" <vulnwatch@...nwatch.org>
Sent: Monday, June 14, 2004 23:20
Subject: [Full-Disclosure] Internet Explorer Remote Null Pointer
Crash(mshtml.dll)


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Application:      Internet Explorer
> Vendors:           http://www.microsoft.com
> Versions:          6.0.2800.1106.xpclnt_qfe.021108-2107
> Patched With:  SP1;Q832894;Q330994;Q837009;Q831167;
> ModName:       mshtml.dll
> ModVer:           6.0.2734.1600
> Platforms:        Windows
> Bug:                  Remote/Local Null Pointer Crash
> Exploitation:    Remote with browser
> Date:                14 Jun 2004
> Author:             Rafel Ivgi, The-Insider
> e-mail:              the_insider@...l.com
> web:                 http://theinsider.deep-ice.com
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> 1) Introduction
> 2) Bugs
> 3) The Code
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ===============
> 1) Introduction
> ===============
>
> Internet Explorer is currently the most common internet browser in the
> world.
> It comes by default with every windows operating system. Therefore any
> vulnerability
> concerning it is an highly important issue.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ======
> 2) Bug
> ======
>
> Upon clicking "Save As" on a link with double colon --> "::"
> and
> a left curly bracket --> "{"
> then
> Internet Explorer Will Crash.
>
> AppName: iexplore.exe  AppVer: 6.0.2600.0  ModName: ntdll.dll
> ModVer: 5.1.2600.114  Offset: 00056074
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ===========
> 3) The Code
> ===========
>
> Paste into an htm/html file:
> <center><a href=::%7b>Right  Click aOn Me And Click "Save Target As"</a>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --- 
> Rafel Ivgi, The-Insider
> http://theinsider.deep-ice.com
>
> "Scripts and Codes will make me D.O.S , but they will never HACK me."
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ