There is a vulnerability in the implementation of history.go() function in Internet Explorer 6 exposed via JavaScript. The vulnerability enables the execution of arbitrary code if the user visits a web page controlled by the attacker.
The vulnerability
The vulnerability is in the erroneous implementation of history.go() function when called with a certain argument.
Impact
This vulnerability can be used to achieve remote code execution when a victim visits a specially crafted web page.
PoC
Due to the spread and the impact of the vulnerability, exploiting details will not be released at this time.
References
http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0552
Print
Share
Comment
Cite
Upload
Translate
APA
() » Internet Explorer 6 history.go() Remote Code Execution. Retrieved from https://www.truth.cx/2009/04/15/internet-explorer-6-history-go-remote-code-execution/.
MLA" » Internet Explorer 6 history.go() Remote Code Execution." - , https://www.truth.cx/2009/04/15/internet-explorer-6-history-go-remote-code-execution/
HARVARD » Internet Explorer 6 history.go() Remote Code Execution., viewed ,
VANCOUVER - » Internet Explorer 6 history.go() Remote Code Execution. [Internet]. [Accessed ]. Available from: https://www.truth.cx/2009/04/15/internet-explorer-6-history-go-remote-code-execution/
CHICAGO" » Internet Explorer 6 history.go() Remote Code Execution." - Accessed . https://www.truth.cx/2009/04/15/internet-explorer-6-history-go-remote-code-execution/
IEEE" » Internet Explorer 6 history.go() Remote Code Execution." [Online]. Available: https://www.truth.cx/2009/04/15/internet-explorer-6-history-go-remote-code-execution/. [Accessed: ]