Microsoft Internet Explorer多个ActiveX控件拒绝服务漏洞

Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer包含的多个ActiveX控件存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 Determina Security Research发现当部分对象属性通过JavaScript访问时，多个控件会由于非法内存访问异常而导致应用程序崩溃。多数受影响ActiveX控件存在于MSHTML.dll中，这些ProgIDs包括如下： giffile htmlfile jpegfile mhtmlfile ODCfile pjpegfile pngfile...

WMF CreateBrushIndirect vulnerability (DoS)

The following WMF exploit appeared on milw0rm today: http://www.milw0rm.com/exploits/3111 The vulnerability is a result of the WMF parser passing a value from the file as a pointer argument to the CreateBrushIndirect function. The function dereferences the pointer and dies with an access violatio...