Microsoft IE HTML Form Value Denial-of-Service Vulnerability

Vulnerability ID: 1183891
Vulnerability type: Buffer overflow
Published: 2009-01-28
Updated: 2009-02-11
CVE ID: CVE-2009-0341
CNNVD-ID: CNNVD-200901-437
Platform: N/A
CVSS score: 9.3
|Vulnerability Sources
https://www.securityfocus.com/bid/33494
https://cxsecurity.com/issue/WLB-2009020065
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-437
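|Vulnerability Details
Internet Explorer is the web browser bundled by default with the Windows operating system. Internet Explorer's shell32 module does not correctly handle form data. If a user is tricked into opening a web page in which an INPUT element has an overly long VALUE attribute, stack resources can be exhausted, causing a denial of service in the browser.
|Exploit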


Application: Internet Explorer 7.0
OS: Windows XP - SP3 - full patch (Windows Vista doesn't work!)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

------------------------------------------------------
Description

Internet Explorer is a default browser of Windows.

------------------------------------------------------
Vulnerability

The vulnerability is caused when you try to send some data using a form.
This caused a stack overflow with the possibility of running arbitrary code.

The bug is in the module "shell32"; when you analyze with debug, it returns "stack overflow" and the memory address.

------------------------------------------------------
POC/EXPLOIT

http://jplopezy.fortunecity.es/ietest.html

------------------------------------------------------
Juan Pablo Lopez Yacubian
|Affected Products
Microsoft Internet Explorer 7.0 + Microsoft Windows Server 2003 Sp2 X64 + Microsoft Windows Server 2003 Sp2 X64 + M
|References

Source: BID
Name: 33494
Link: http://www.securityfocus.com/bid/33494
Source: BUGTRAQ
Name: 20090128 Internet explorer 7.0 stack overflow
Link: http://www.securityfocus.com/archive/1/archive/1/500472/100/0/threaded