Wednesday, April 15, 2009

Internet Explorer 6 history.go() Remote Code Execution

There is a vulnerability in the implementation of history.go() function in Internet Explorer 6 exposed via JavaScript. The vulnerability enables the execution of arbitrary code if the user visits a web page controlled by the attacker.

The vulnerability

The vulnerability is in the erroneous implementation of history.go() function when called with a certain argument.

Impact

This vulnerability can be used to achieve remote code execution when a victim visits a specially crafted web page.

PoC

Due to the spread and the impact of the vulnerability, exploiting details will not be released at this time.

References

http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0552

3 comments:

John Alert said...

Wow. This really made my day. Thanks a lot!

HTML5 Training in ChennaiHTML5 Training in Chennai JavaScript Training in Chennai JavaScript Training in Chennai

JavaScript Training Courses JavaScript Training Courses | Javascript Online Training Angular 2 Training in Chennai Angular 2 Training in Chennai

John Alert said...

AngularJS Training in Chennai AngularJS Training in Chennai Node.js Training in CHennai Angular 2 Training in Chennai Angular 2 Training in Chennai Node.js Training in CHennai Node.js Training in chennai MEAN Developer Training in Chennai

sunny said...

thanks for sharing good information
Best SEO Company in Chennai