| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: IE6 crash bug; call thru unintialized pointer Crashes mine... Instruction at 0x63599ef9 refrenced memory at 0x0000006d memory could not be read... IE 6.0.2800.1106.xpsp2-030422-1633 -KF Richard M. Smith wrote: >Hi, > >I ran across an IE6 crash bug while developing a JavaScript >debugger. Here's a demo page that shows the problem: > >http://www.computerbytesman.com/js/crash/crash.htm > >What makes the bug interesting, is that the crash is caused by IE >dereferencing an uninititalized pointer. These dereferences happen in >random places in the code. The most interesting location I saw was in a >CALL instruction. > >I don't really have the time to determine if the bug is exploitable to >run code. > >The bug may also be present in earlier versions of IE. > >This is one of many crash bugs in IE that are present in the fringes of >the IE DOM. All the other bugs that I've found so far are just null >pointer dereferences which I think are harmless. > >Richard M. Smith >http://www.ComputerBytesMan.com > >PS. On a few machines, the demo must be reload a few times for a crash >to occur. > > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > >
Powered by blists - more mailing lists