Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution

最新推荐文章于 2019-03-14 19:27:00 发布
最新推荐文章于 2019-03-14 19:27:00 发布
阅读量1.3k 收藏
点赞数
分类专栏: 社会人生和文学音乐 文章标签: microsoft internet scripting security system exception
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/iiprogram/article/details/642635
版权

Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution

Computer Terrorism (UK) :: Incident Response Centre
======================================


Security Advisory :: CT22-03-2006
-------------------------------------------


Title: Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution

Organisation: Computer Terrorism (UK)
Web: www.computerterrorism.com
Advisory Date: 22nd March, 2006


Affected Software: Microsoft Internet Explorer 6.x, IE7 Beta 2
Severity: Critical
Impact: Remote System Access
Solution Status: ** UNPATCHED **


Overview:
-------------

Pursuant to the publication of the aforementioned bug/vulnerability, this document serves as a preliminary Security Advisory for users of Microsoft Internet Explorer version 6 and 7 Beta 2.

Successful exploitation will allow a remote attacker to execute arbitrary code against a fully patched Windows XP system, yielding system access with privileges of the underlying user.



Technical Narrative:
-------------------------

As per the publication, the bug originates from the use of a createTextRange() method, which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference.

As a result, IE encounters an exception when trying to call a deferenced 32bit address, as highlighted by the following sniplet of code.

0x7D53C15D MOV ECX, DWORD PTR DS:[EDI]
..
0x7D53C166 CALL DWORD PTR [ECX]

Due to the incorrect reference, ECX points to a very remote, non-existent memory location, causing IE to crash (DoS). However, although the location is some what distant, history dictates that a condition of this nature is conducive towards reliable exploitation.


Proof of Concept:
-----------------------

Computer Terrorism (UK) can confirm the production of reliable proof of concept (PoC) for this vulnerability (tested on Windows XP SP2). However, until a patch is developed, we will NOT be publicly disclosing our research.



Temporary Solution:
-------------------------

Users are advised to disable active scripting for non-trusted sites until a patch is released.


Vendor Status:
--------------------

The Vendor has been informed of all aspects of this new vulnerability (including PoC), but as of the date of the document, this vulnerability is UNPATCHED.


  •  
iiprogram
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution
03-29 1243
CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) From: "Determina Secure" secure@xxxxxxxxxxxxx> Date: Mon, 27 Mar 2006 22:57:05 -0800 March 27
mshtml.dll文件
07-05
mshtml.dll文件 当遇到mshtml.dll文件缺失,破损,或者不兼容(如win 7 64位) 解决办法(本人win 7 64位): 1.将32位的mshtml.dll文件复制到SysWow64 文件夹下,将64位的mshtml.dll文件复制到SysWow32 文件夹下 2....
Microsoft Internet Explorer (mshtml.dll) Remote Code Execution
03-29 1593
Published: 22.03.2006 Updated: 23.03.2006Product:Microsoft: Internet Explorer 6.0 SP2Microsoft: Internet Explorer 6.0 SP1Microsoft: Internet Explorer 6.0Microsoft: Internet Explorer 7.0 Beta 2Seve
使用SHDocVw.InternetExplorer编程时遇到的问题
小老鼠(Alex)
10-05 2710
急关于获取MSI的PRODUCTCODE急关于获取MSI的PRODUCTCODE急关于获取MSI的PRODUCTCODE急关于获取MSI的PRODUCTCODE急关于获取MSI的PRODUCTCODE急关于获取MSI的PRODUCTCODE
msf-show
weixin_30548917的博客
01-15 3021
Metasploit框架中包涵数百个模块,没有人能用脑子把它们的名字全部记下来。在MSF终端中运行show命令会把所有的模块显示出来,也可以指定模块的类型来缩小搜索范围。 1. msf > show exploits Exploits ======== Name ...
Kali linux 2016.2(Rolling)中的Exploits模块详解
weixin_34376562的博客
11-08 5259
简单来讲,这个Exploits模块,就是针对不同的已知漏洞的利用程序。 root@kali:~# msfconsole Unable to handle kernel NULL pointer dereference at virtua...
Microsoft Windows .Reg File Dialog Box Message Spoofing 0day
weixin_34413065的博客
03-14 103
Microsoft Windows .Reg文件对话框消息欺骗 0day 概述   扩展名为.reg的文件是Windows注册表中使用的注册文件。这些文件可以包含hives、密钥和值。.reg文件可以在文本编辑器中新建,也可以由Windows注册表在备份注册表时生成。 漏洞类型 reg文件对话框消息欺骗 CVE编号 N/A 安全问题   Windows注册表编辑...
Code Project上一篇介绍windbg的文章---经典!
FreeXploiT
06-21 4202
原文:http://www.allife.org/index.php?job=art&articleid=a_20060529_121555Navigating The Kernel DebuggerIntroductionIn this tutorial, we will be covering a few of the basic features of the kernel de
Pentest-and-Development-Tips
Grey的博客
04-08 2699
Pentest-and-Development-TipsA collection of pentest and development tipsAuthor: 3gstudent声明以下技巧不应用于非法用途Tips 1. 手动端口探测nmap的-sV可以探测出服务版本,但有些情况下必须手动探测去验证使用Wireshark获取响应包未免大材小用,可通过nc简单判断eg.对于8001端口,nc连接上去...
MSHTML.TLB-filtering-advertising.zip_advertising_mshtml.tlb
最新发布
09-21
MSHTML.TLB是Microsoft HTML Object Library的类型库,它包含了用于解析和操作HTML文档的接口和类,通常与Internet Explorer的WebBrowser控件相关联。在这个上下文中,"advertising"标签表明这个项目或代码示例专注...
mshtml.dll下载
01-26
这个动态链接库(DLL)文件是Internet Explorer浏览器以及其他许多基于Web的程序的重要组成部分,它提供了对HTML、CSS和JavaScript等Web技术的全面支持。 mshtml.dll的主要功能在于提供了一个编程接口(API),让...
microsoft.mshtml.dll
05-24
Microsoft.mshtml.dll,全称为“Microsoft HTML Object Library”,是微软公司开发的一个关键组件,主要用于处理HTML文档和提供Internet Explorer(IE)的核心功能。在版本7.0.3300.1中,它包含了对HTML5、CSS3以及...
mshtml.dll
10-27
mshtml.dll
(爆笑)国产电视剧的电脑高手
04-30 9475
转载(爆笑)国产电视剧的电脑高手 有一集那个白痴女主角叫刘滋来帮她打开她男友设计的游戏(因为据说游戏形象是以她为原形的),过程如下 :   1. 刘滋走到电脑前按了一下显示器开关(键盘鼠标都没碰)电脑传出一声提示音效(靠,好人性化的电脑啊)   2. 刘滋双手狂敲键盘号称在打开程序(如果她是键盘快捷键高手我也没的说了)   3. 出现一个好象是网络游戏的画面   4. 忽然游戏画面出来了,是D
Black Hat Federal 2006
04-07 3041
Black Hat Federal 2006 Wrap-Up, Part 5 Please se...   Date: Sat, 28 Jan 2006 01:05:50 +0100Black Hat Federal 2006 Wrap-Up, Part 5Please see part 1 for an introduction if you are reading this art
很好的古典文学电子书下载网站
04-21 2577
http://52ebook.com/nlist_205.html强烈推荐了,里面的电子书制作也很精美
blog的十分奇怪问题,请csdn的开发人员看看,十分感谢!
04-12 2054
我设置blog每页文章数,一直以来,怎么修改都只显示15条,怎么这么奇怪?哪位也碰到过这个情况,请指点下,十分感谢阿!!   
林志玲
01-29 2005
分别5年的一对大学同学来了,中午吃饭,晚上唱歌,好happy啊,:)  ;话语中感觉大家都和大学毕业时已经完全不同,多了不少的成熟和稳重, 也许经历了几番风雨吧,世事难料,总是不断在改变,  我们唯一知道的是我们开始慢慢变老.....回来看到林志玲,不免感叹下,贴上来罗
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值