There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint() method of xml object.
The vulnerability
The vulnerability is triggered by errornous behavior of componentFromPoint() method when invoked on a newly created xml object.
Impact
This vulnerability can be used (trivially) to remotely disclose Internet Explorer's memory when a victim visits a specially crafted web page or (less trivially) to achieve remote code execution when a victim visits a specially crafted web page.
PoC
Due to the spread and the impact of the vulnerability, exploiting details will be released at a later date, once everyone has had plenty of time to patch.
References
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475
10 comments:
Izvrstan posao Ivan :)
I appreciated your effort and bookmarked your site write company profile
اعالى الخليج تقدم افضل خدمات نقل العفش الدولى المتميزه باسعار متميزة ومنها :
شركة شحن عفش من الرياض الى الامارات
نقل عفش من الرياض الى الاردن شركة شحن عفش من الرياض الى الاردن 11
22
33
44
55
66
Hello! Our who or whom checker online is the best assistant in finding pronouns and correcting other errors in the text. You don't have to worry about forgetting the rules and making mistakes, just check your suggestions with our tool. Our assistant is trusted by thousands of people from all over the world, try it yourself!
Hello everyone! In today's fast-paced world, we must cope with various tasks as efficiently and quickly as possible and at the same time with high quality. Our text correction and proofreading tool can help you create perfect texts because it works online and for free and does its job perfectly. passive to active voice converter free
Hello everyone! I always confused and did not understand what signs should be placed in the text, and it was hard for me to deal with this topic in lessons and pairs! But this site came to my aid, where I learned to distinguish and understand why this or that sign, if you have such a problem, come and try with your friends! And the sentence changers program will always help you!
I always confused and did not understand gas station nearby
what signs should be placed in the text, and it was hard for me to deal with this topic in lessons and pairs! But this site came to my aid
wonderful blog.It's very interesting to read...
C Programming course at Edukators in Coimbatore
Understanding how the Internet Explorer 6 component FromPoint could lead to remote memory disclosure and remote code execution is definitely a challenging and complex topic. I had to seek help from the US assignment Service to get a clearer understanding. Their guidance really helped break down the technicalities and explain how such vulnerabilities are exploited. It’s a tough subject, but their support made it manageable!
SA Auto Care, founded in 2014, is a prominent vehicle service provider in South Australia that caters to all aspects of vehicle needs with end-to-end solutions. Having more than a decade of experience, the company has earned a solid image in the region with high-quality towing, repair, used car sales, and warranty services for customers. Their staff of expert professionals, experienced mechanics, and auto specialists are dedicated to offering top-notch care and personalized service to each customer. SA Auto Care repairs all makes and models of cars and provides the best quality care to each vehicle basic car repair services near me. They also provide extended warranties between 1 to 5 years and 24/7 Australia-wide roadside services. Trade-ins are accepted, and their second-hand car listings are online for viewing. For dependable and effective car services in Adelaide and beyond, SA Auto Care is the reliable option.
Post a Comment