lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <000401c4d287$b0deb5e0$0100a8c0@grotedoos>
From: skylined at edup.tudelft.nl (Berend-Jan Wever)
Subject: MSIE flaws: nested array sort() loop Stack overflow exception

Hi all,

Another flaw in IE:

<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>

Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help you. I'm sure they will even reply to this message with technical details and a patch tomorrow.

Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever

PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later...
PS2. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control over registers.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ