|
Bugtraq
mailing list archives
Internet Explorer remotely exploitable vulnerability in JScript's document.write() method
From: porkythepig () anspi pl
Date: 31 Jan 2006 18:15:30 -0000
There is a remotely exploitable vulnerability in the Internet Explorer in the JScripting/Flash plugin section.
The problem lies in bad scripting of document.write() method being executed trough VBscript procedure triggered from
ActionScript code within the crafted flash animation.
While exiting the IExplorer's jscript.dll call it causes a null pointer assignment in IE leading to the memory access
violation and browser crash.
The following configurations has been tested and found vulnerable:
Windows 2000 sp4 with all MS patches
Windows XP sp2
Windows XP64
Windows 98 SE
An example DoS exploit exists at:
http://www.anspi.pl/~porkythepig/iedown.html
and also by clicking the right bottom at:
http://www.anspi.pl/~porkythepig/index.html
Remote code execution possibility hasn't been verified yet , but it still may exist.
Vulnerability found and DoS exploit built by: porkythepig
contact: porkythepig () anspi pl
 By Date 
By Thread
Current thread:
- Internet Explorer remotely exploitable vulnerability in JScript's document.write() method porkythepig (Feb 01)
| 
Intro
