lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 28 May 2005 16:24:26 +0200
From: "Benjamin Tobias Franz" <>
To: <>
Subject: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005)

Microsoft Internet Explorer - Crash on JavaScript "window()"-calling

There is a bug in Microsoft Internet Explorer, which causes a crash in it.
The bug occurs, because Microsoft Internet Explorer can't handle a call to a
JavaScript-function with the name of the "window"-object.
The bug was fixed in an earlier version. But it works again.

Affected software:
Microsoft Internet Explorer

Deactivate "Active Scripting" in the IE options menu.

Proof-of-Concept exploit:
<body onLoad="window()">

Date of discovery:
11. September 2003

Tested software:
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
on a fully patched Windows XP SP2 system.

DLL versions:
MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)


Benjamin Tobias Franz

Powered by blists - more mailing lists