Vulnerability Development mailing list archives
Windows Update Error
From: s.hird () STUDENT QUT EDU AU (Shane Hird)
Date: Tue, 28 Sep 1999 14:31:17 -0000
It appears that Microsoft's Windows Update Site is causing IE to crash for users visiting the site, a quick search on deja-news shows that it probably isn't just a one off occurance. Having recently found a few BO's in other controls, I thought to take a look at the CWUpdInfo Class, and discovered yet another minor BO. I've had only limited success in controlling the RET address, although I have managed to control EIP at least once, unfortuantly I have been unable to repro it. This doesn't appear to be the same problem that is occuring on the windows update page, trying to understand the complex, partly generated, poorly formated etc code on this site to repro the problem isn't an easy (or particularly interesting) task. I've also had only minimal experience with behaviors and style sheets etc which MS seem to like using. If anyone manages to have any form of success with this control (exploit-wise), I'd be grateful for any information. (After reading the FAQ, I assume this is what this forum is for). <object classid="clsid:A3863C2E-86EB-11D1-A9DB-00C04FB16F9E" id="wupd"></object> <script language="VBScript"><!-- expstr="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA" wupd.gotomtsurl(expstr) --></script> -Shane.
Current thread:
- Windows Update Error Shane Hird (Sep 28)