lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <cacf93c50810150642s4153e77dx65c67addbbcb31ec@mail.gmail.com>
Date: Wed, 15 Oct 2008 15:42:42 +0200
From: "Ivan Fratric" <ifsecure@...il.com>
To: bugtraq@...urityfocus.com
Subject: Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution

There is a bug in Internet Explorer 6 JavaScript implementation
enabling remote memory disclosure and remote code execution. The
vulnerability is caused by improper implementation of
componentFromPoint() method of xml object.

###################
#The vulnerability#
###################

The vulnerability is triggered by errornous behavior of
componentFromPoint() method when invoked on a newly created xml
object.

########
#Impact#
########

This vulnerability can be used (trivially) to remotely disclose
Internet Explorer's memory when a victim visits a specially crafted
web page or (less trivially) to achieve remote code execution when a
victim visits a specially crafted web page.

#####
#PoC#
#####

Due to the spread and the impact of the vulnerability, exploiting
details will be released at a later date, once everyone has had plenty
of time to patch.

############
#References#
############

http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ