IE6 remote memory disclosure and remote code execution

2008-10-15 / 2008-10-16

Credit: Ivan Fratric

Risk: High

Local: No

Remote: No

CVE: N/A

CWE: N/A

There is a bug in Internet Explorer 6 JavaScript implementation
enabling remote memory disclosure and remote code execution. The
vulnerability is caused by improper implementation of
componentFromPoint() method of xml object.
###################
#The vulnerability#
###################
The vulnerability is triggered by errornous behavior of
componentFromPoint() method when invoked on a newly created xml
object.
########
#Impact#
########
This vulnerability can be used (trivially) to remotely disclose
Internet Explorer's memory when a victim visits a specially crafted
web page or (less trivially) to achieve remote code execution when a
victim visits a specially crafted web page.
#####
#PoC#
#####
Due to the spread and the impact of the vulnerability, exploiting
details will be released at a later date, once everyone has had plenty
of time to patch.
############
#References#
############
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475

References:

http://seclists.org/bugtraq/2008/Oct/0122.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IE6 remote memory disclosure and remote code execution

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.