Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005)
It works with IE 5.5 too (JSCRIPT.DLL version 5.5.0.5207)
Andres
----- Original Message -----
From: "Benjamin Tobias Franz" <0-1-2-3@xxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Saturday, May 28, 2005 11:24 AM
Subject: Microsoft Internet Explorer - Crash on JavaScript
"window()"-calling (05/28/2005)
> Microsoft Internet Explorer - Crash on JavaScript "window()"-calling
> (05/28/2005)
>
> Description:
> There is a bug in Microsoft Internet Explorer, which causes a crash in it.
> The bug occurs, because Microsoft Internet Explorer can't handle a call to
a
> JavaScript-function with the name of the "window"-object.
> The bug was fixed in an earlier version. But it works again.
>
> Affected software:
> Microsoft Internet Explorer
>
> Workaround:
> Deactivate "Active Scripting" in the IE options menu.
>
> Proof-of-Concept exploit:
> <body onLoad="window()">
>
> Date of discovery:
> 11. September 2003
>
> Tested software:
> Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
> on a fully patched Windows XP SP2 system.
>
> DLL versions:
> MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
>
>
> Regards,
>
> Benjamin Tobias Franz
> Germany
>