[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] IE8 crashes with simple HTML

To: schnuddelbuddel@xxxxxxx
Subject: Re: [Full-disclosure] IE8 crashes with simple HTML
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Wed, 5 Aug 2009 12:00:41 +0200


Could reproduce, unhandled second chance read access violation in
mshtml!Ptls5::FsUpdateBottomlessPel+0x41d (FPO: [7,45,4])


Faulting Instruction:40af4234 cmp ecx,dword ptr [eax+18h]

Basic Block:
    40af4234 cmp ecx,dword ptr [eax+18h]
       Tainted Input Operands: eax, ecx
    40af4237 jne mshtml!ptls5::fsupdatebottomlesspel+0x47c (40af6cf7)
       Tainted Input Operands: ZeroFlag

-- 
http://blog.zoller.lu
Thierry Zoller


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] IE8 crashes with simple HTML
  - From: schnuddelbuddel

Prev by Date: [Full-disclosure] IE8 crashes with simple HTML
Next by Date: [Full-disclosure] SUSE Security Announcement: flash-player (SUSE-SA:2009:041)
Previous by thread: [Full-disclosure] IE8 crashes with simple HTML
Next by thread: [Full-disclosure] SUSE Security Announcement: flash-player (SUSE-SA:2009:041)
Index(es):
- Date
- Thread