[39036] in bugtraq
Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005)
daemon@ATHENA.MIT.EDU (- k -)
Tue May 31 12:17:42 2005
Message-ID: <000e01c56588$00bef780$48f1f4d8@rathb>
From: "- k -" <klistas@gmail.com>
To: <bugtraq@securityfocus.com>
Date: Mon, 30 May 2005 23:25:17 -0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MDaemon-Deliver-To: bugtraq@securityfocus.com
It works with IE 5.5 too (JSCRIPT.DLL version 5.5.0.5207)
Andres
----- Original Message -----
From: "Benjamin Tobias Franz" <0-1-2-3@gmx.de>
To: <bugtraq@securityfocus.com>
Sent: Saturday, May 28, 2005 11:24 AM
Subject: Microsoft Internet Explorer - Crash on JavaScript
"window()"-calling (05/28/2005)
> Microsoft Internet Explorer - Crash on JavaScript "window()"-calling
> (05/28/2005)
>
> Description:
> There is a bug in Microsoft Internet Explorer, which causes a crash in it.
> The bug occurs, because Microsoft Internet Explorer can't handle a call to
a
> JavaScript-function with the name of the "window"-object.
> The bug was fixed in an earlier version. But it works again.
>
> Affected software:
> Microsoft Internet Explorer
>
> Workaround:
> Deactivate "Active Scripting" in the IE options menu.
>
> Proof-of-Concept exploit:
> <body onLoad="window()">
>
> Date of discovery:
> 11. September 2003
>
> Tested software:
> Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
> on a fully patched Windows XP SP2 system.
>
> DLL versions:
> MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
>
>
> Regards,
>
> Benjamin Tobias Franz
> Germany
>
