lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060131181530.13185.qmail@securityfocus.com>
Date: 31 Jan 2006 18:15:30 -0000
From: porkythepig@...pi.pl
To: bugtraq@...urityfocus.com
Subject: Internet Explorer remotely exploitable vulnerability in JScript's
 document.write() method


There is a remotely exploitable vulnerability in the Internet Explorer in the JScripting/Flash plugin section.

The problem lies in bad scripting of document.write() method being executed trough VBscript procedure triggered from ActionScript code within the crafted flash animation.
While exiting the IExplorer's jscript.dll call it causes a null pointer assignment in IE leading to the memory access violation and browser crash.

The following configurations has been tested and found vulnerable:
Windows 2000 sp4 with all MS patches
Windows XP sp2
Windows XP64
Windows 98 SE

An example DoS exploit exists at:
http://www.anspi.pl/~porkythepig/iedown.html
and also by clicking the right bottom at:
http://www.anspi.pl/~porkythepig/index.html

Remote code execution possibility hasn't been verified yet , but it still may exist.

Vulnerability found and DoS exploit built by: porkythepig

contact: porkythepig@...pi.pl


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ