exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

Internet Explorer DTHML Behaviors Use After Free
Posted Apr 1, 2010
Authored by Nanika, Trancer | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability within the DTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, "The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorythm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which decref the reference and clean the object." NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.

tags | exploit
advisories | CVE-2010-0806
MD5 | 499222317361c6b4495867bed56de302
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Advanced Hackers Are Infecting IT Providers To Get At Customers
Posted Sep 19, 2019

tags | headline, hacker, malware, backdoor
Iowa Officials Claim Confusion Over Scope In Pen-Test Arrest
Posted Sep 19, 2019

tags | headline, hacker, government
Smart TVs, Subscription Services Leak Data To Facebook, Google
Posted Sep 19, 2019

tags | headline, privacy, google, spyware, facebook
Hotel Websites Infected With Skimmer Via Supply Chain Attack
Posted Sep 19, 2019

tags | headline, bank, cybercrime, fraud
Medical Records For 24.3 Million Left Exposed
Posted Sep 18, 2019

tags | headline, privacy, usa, data loss, fraud
New Algorithms Aim To Stamp Out Abuse On Twitter
Posted Sep 18, 2019

tags | headline, fraud, twitter
Poor Protocol Design For IoT Devices Fueling DDoS
Posted Sep 18, 2019

tags | headline, denial of service, flaw
Novaestrat Exec Arrested After Ecuadorian Data Leak
Posted Sep 18, 2019

tags | headline, government, privacy, data loss
Alleged JPMorgan Hacker Set To Plead Guilty
Posted Sep 17, 2019

tags | headline, hacker, bank
The Air Force Will Let Hackers Try To Hijack An Orbiting Satellite
Posted Sep 17, 2019

tags | headline, hacker, usa, conference, military
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close