Internet explorer 7.0 stack overflow

2009.02.01
Credit: jplopezy
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Application: Internet explorer 7.0 OS: Windows xp - sp3 - full patch (windows vista don't work!) ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Internet explorer is a default browser of windows ------------------------------------------------------ Vulnerability The vulnerability is caused when you trying send some data, using a form. This caused a stack overflow with the possibility of running arbitrary code. The bug is in the module "shell32", when you analize with debug returns "stack overflow" and the memory address. ------------------------------------------------------ POC/EXPLOIT http://jplopezy.fortunecity.es/ietest.html ------------------------------------------------------ Juan Pablo Lopez Yacubian

References:

http://www.securityfocus.com/archive/1/archive/1/500472/100/0/threaded


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top