Another MSIE 4.0 overflow
|Description:||Standard overflow, this one can almost certainly be exploited by a malicious page to run arbitrary code on a user's system.|
|Author:||Georgi Guninski <email@example.com>|
|Compromise:||Run arbitrary code on the machines of Windows users connecting to your web page.|
|Vulnerable Systems:||Windows 95/NT running MSIE 4.0. Perhaps even the Solaris version is vulnerable, though I've never seen anyone run it.|
|Date:||20 March 1998|
Date: Fri, 20 Mar 1998 12:09:46 +0200
From: Georgi Guninski <firstname.lastname@example.org>
Subject: MSIE buffer overrun
Microsoft Internet Explorer 4.0 (don't know for other versions)
can be crashed and eventually made execute arbitrary code
with a little help of the <EMBED> tag.
opens a dialog box and closes IE 4.0.
It seems that the long file extension causes stack overrun.
The stack is smashed - full with our values, EIP is also ours and CS=SS.
So probably a string could be constructed, executing code at the
Solution: Do not browse hostile pages.
To try this: http://www.geocities.com/ResearchTriangle/1711/msie.html
-----------------------cut here and save as
Trying to crash IE 4.0
80 160 170 180 190 200
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: