This is an uninitialized object members of the error, the specific location for
the C * Element (here for CLiElement) at offset 0x10, this pointer to a
structure, the structure of the offset 0 is a point to itself (?) The object
pointer , offset for the 4 point to the parent DOM element.When you
umm, this bug was already reported by Skylined:
http://securityreason.com/exploitalert/7731
And doesn't seem to look like it can lead to code execution.
Wow, a *crash exploit*!!! Amazing!!! How on earth did you discover it!?!?
Berend-Jan Wever
http://skypher.com/SkyLined
On Tue, Jan 26, 2010 at 12:35 PM, wrote:
>
> #
> # Securitylab.ir
> ###
Hi,
Can this exploit be used for remote code execution???
-Santhosh
-Original Message-
From: i...@securitylab.ir [mailto:i...@securitylab.ir]
Sent: Tuesday, January 26, 2010 5:06 PM
To: bugtraq@securityfocus.com
Subject: Microsoft IE 6&7 Crash Exp
#
# Securitylab.ir
#
# Application Info:
# Name: Microsoft IE
# Version: 6 & 7
# Tested on : XP(SP1/SP2/SP3)
##
