lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 30 May 2005 23:25:17 -0300
From: "- k -" <klistas@...il.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005)


It works with IE 5.5 too (JSCRIPT.DLL version 5.5.0.5207)




Andres
----- Original Message -----
From: "Benjamin Tobias Franz" <0-1-2-3@....de>
To: <bugtraq@...urityfocus.com>
Sent: Saturday, May 28, 2005 11:24 AM
Subject: Microsoft Internet Explorer - Crash on JavaScript
"window()"-calling (05/28/2005)


> Microsoft Internet Explorer - Crash on JavaScript "window()"-calling
> (05/28/2005)
>
> Description:
> There is a bug in Microsoft Internet Explorer, which causes a crash in it.
> The bug occurs, because Microsoft Internet Explorer can't handle a call to
a
> JavaScript-function with the name of the "window"-object.
> The bug was fixed in an earlier version. But it works again.
>
> Affected software:
> Microsoft Internet Explorer
>
> Workaround:
> Deactivate "Active Scripting" in the IE options menu.
>
> Proof-of-Concept exploit:
> <body onLoad="window()">
>
> Date of discovery:
> 11. September 2003
>
> Tested software:
> Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
> on a fully patched Windows XP SP2 system.
>
> DLL versions:
> MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
>
>
> Regards,
>
> Benjamin Tobias Franz
> Germany
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ