| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 May 2005 16:24:26 +0200 From: "Benjamin Tobias Franz" <0-1-2-3@....de> To: <bugtraq@...urityfocus.com> Subject: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) Description: There is a bug in Microsoft Internet Explorer, which causes a crash in it. The bug occurs, because Microsoft Internet Explorer can't handle a call to a JavaScript-function with the name of the "window"-object. The bug was fixed in an earlier version. But it works again. Affected software: Microsoft Internet Explorer Workaround: Deactivate "Active Scripting" in the IE options menu. Proof-of-Concept exploit: <body onLoad="window()"> Date of discovery: 11. September 2003 Tested software: Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519) on a fully patched Windows XP SP2 system. DLL versions: MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Regards, Benjamin Tobias Franz Germany
Powered by blists - more mailing lists