IE6 remote memory disclosure and remote code execution

2008-10-15 / 2008-10-16
Credit: Ivan Fratric
Risk: High
Local: No
Remote: No
CVE: N/A
CWE: N/A

There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint() method of xml object. ################### #The vulnerability# ################### The vulnerability is triggered by errornous behavior of componentFromPoint() method when invoked on a newly created xml object. ######## #Impact# ######## This vulnerability can be used (trivially) to remotely disclose Internet Explorer's memory when a victim visits a specially crafted web page or (less trivially) to achieve remote code execution when a victim visits a specially crafted web page. ##### #PoC# ##### Due to the spread and the impact of the vulnerability, exploiting details will be released at a later date, once everyone has had plenty of time to patch. ############ #References# ############ http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://www.zerodayinitiative.com/advisories/ZDI-08-069/ http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475

References:

http://seclists.org/bugtraq/2008/Oct/0122.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top