Monday, May 10, 2010

window.parent.close() -> code execution.

Hi folks,
today another very didactical 0day has been released. It affects Apple Safari window.parent.close() function.

Description:

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected.


The Exploit (click for enlarge):



Exploit Hight lights

(1) The vulnerable Function:



(2) Buffer Preparation:




(3) Memory Inclusion



I believe this is another interesting example of pointer manipulation (or if you wanna see from the other side, Buffer Overflow ) vulnerability. I wrote this post to remember this example for my next class (Fall 2010).

1 comment:

comprar puertas metalicas said...

Goodness, there is a great deal of effective data in this post!