SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Microsoft Internet Explorer Vendors:   Microsoft
Microsoft Internet Explorer Crashes When Saving Files With Special Character Strings
SecurityTracker Alert ID:  1010491
SecurityTracker URL:  http://securitytracker.com/id/1010491
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 14 2004
Impact:   Denial of service via local system, Denial of service via network
Exploit Included:  Yes  
Version(s): 6.0; Tested on 6.0.2800.1106.xpclnt_qfe.021108-2107
Description:   Rafel Ivgi (The-Insider) reported a vulnerability in Microsoft Internet Explorer (IE). A remote user can create a link that will cause the target user's browser to crash when attempting to save the link.

It is reported that when a target user attempts to save the contents of a link that contains a certain character string ('::{') using the "Save As" feature, the IE browser will crash due to a null pointer exception.

A demonstration exploit link is provided:

<a href=::%7b>Right Click aOn Me And Click "Save Target As"</a>

Impact:   A remote user can create HTML that contains a link that will cause the target user's browser to crash when the target user attempts to save the link target.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Internet Explorer Remote Null Pointer Crash(mshtml.dll)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application:      Internet Explorer
Vendors:           http://www.microsoft.com
Versions:          6.0.2800.1106.xpclnt_qfe.021108-2107
Patched With:  SP1;Q832894;Q330994;Q837009;Q831167;
ModName:       mshtml.dll
ModVer:           6.0.2734.1600
Platforms:        Windows
Bug:                  Remote/Local Null Pointer Crash
Exploitation:    Remote with browser
Date:                14 Jun 2004
Author:             Rafel Ivgi, The-Insider
e-mail:              the_insider@mail.com
web:                 http://theinsider.deep-ice.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Introduction
2) Bugs
3) The Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============
1) Introduction
===============

Internet Explorer is currently the most common internet browser in the
world.
It comes by default with every windows operating system. Therefore any
vulnerability
concerning it is an highly important issue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======
2) Bug
======

Upon clicking "Save As" on a link with double colon --> "::"
and
a left curly bracket --> "{"
then
Internet Explorer Will Crash.

AppName: iexplore.exe  AppVer: 6.0.2600.0  ModName: ntdll.dll
ModVer: 5.1.2600.114  Offset: 00056074

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========
3) The Code
===========

Paste into an htm/html file:
<center><a href=::%7b>Right  Click aOn Me And Click "Save Target As"</a>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Scripts and Codes will make me D.O.S , but they will never HACK me."


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC