vulnerability in the IE Java applet initialization engine

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: vulnerability in the IE Java applet initialization engine
From: porkythepig@xxxxxxxx
Date: 4 Mar 2006 21:35:09 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

There is a vulnerability in the Internet Explorer 
java applet handling engine. It occurs while running at Sun Microsystems Java 
VM and is caused by inproper HTML 'INPUT' control focus handling.
After focusing the control before the successful applet intialization numerous 
browser failures appears.

Beside a final DoS condition it causes also a failure in the keyboard and mouse 
input messages 
handling in browser (eg: AltF4, browser window close button, document text 
selection)

Sun Microsystems Java need to be installed and set as default VM for IE 
to exploit this vulnerability.

The same Sun Java VM version running at other browsers (eg: Firefox, Opera)
works fine and handles this exploitation conditions without any problems, which
means it is not the problem with Sun Microsystems Java but with wrong java 
applet handling
implemented in IE.

Successful exploitation of this vulnerability causes a DoS condition and a 
browser crash
during to nullpointer assignment in mshtml.dll module in one of IE threads.

The example DoS exploit including Java applet source code can be found at:
http://www.anspi.pl/~fex/rx6502.html

vulnerability found by: porkythepig

Prev by Date: Re: Wbb 2.3. xss
Next by Date: Game-Panel <= 2.1.6 XSS
Previous by thread: [OpenPKG-SA-2006.006] OpenPKG Security Advisory (tar)
Next by thread: Game-Panel <= 2.1.6 XSS
Index(es):
- Date
- Thread