IE8 On windows 7 32 bits unspecified DoS

3 views
Skip to first unread message

Lostmon lords

unread,
Jul 13, 2010, 11:00:15 AM7/13/10
to moder...@osvdb.org, bu...@securitytracker.com, vu...@securityfocus.com, vu...@secunia.com, vu...@k-otik.com, submi...@packetstormsecurity.org, ne...@securiteam.com, xfo...@iss.net, los...@googlegroups.com
##########################################
IE8 On windows 7 32 bits unspecified DoS
Vendor URL:http://www.microsoft.com
Advisore:http://lostmon.blogspot.com/2010/07/ie8-on-windows-7-32-bits-unspecified.html
Vendor Notify:YES Vendor confirmed:YES
EXPLOIT:Private
###########################################

A posible flaw exits in Internet explorer 8
on windows 7 32-bits ,that can cause a remote
denial of service from a malformed web page.

This issue is tiggered when IE8 try to render
Modal app prompt in conjuncion with thirds appz that
uses recurses from IE8 and try to render text inputs
it is a posible GDI text-rendering
APIs bug or or DrawText() functions involved.

When the victim visit a malformed web page, an close the 2nd
appz, this appz turns unstable and needs to close , and then
when IE8 try to restore
the tab ,it los the focus from application and it results in
a denial of service to this window , because we can't click
in any bar , in any button or do some action in this window,
ie8 aparently is frozen.

After several test this issue only is reproducible in win7 32 bits

I have a exploit or PoC for this issue , but it's
private at this time :)

Solution:
Microsoft know that as a stability bug and they add it
for consideration in a future version to address it.

#################### €nd ##########################

Thnx for your time !!!
atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Reply all
Reply to author
Forward
0 new messages