| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Oct 2008 15:42:42 +0200 From: "Ivan Fratric" <ifsecure@...il.com> To: bugtraq@...urityfocus.com Subject: Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint() method of xml object. ################### #The vulnerability# ################### The vulnerability is triggered by errornous behavior of componentFromPoint() method when invoked on a newly created xml object. ######## #Impact# ######## This vulnerability can be used (trivially) to remotely disclose Internet Explorer's memory when a victim visits a specially crafted web page or (less trivially) to achieve remote code execution when a victim visits a specially crafted web page. ##### #PoC# ##### Due to the spread and the impact of the vulnerability, exploiting details will be released at a later date, once everyone has had plenty of time to patch. ############ #References# ############ http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://www.zerodayinitiative.com/advisories/ZDI-08-069/ http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475
Powered by blists - more mailing lists