There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint() method of xml object. ################### #The vulnerability# ################### The vulnerability is triggered by errornous behavior of componentFromPoint() method when invoked on a newly created xml object. ######## #Impact# ######## This vulnerability can be used (trivially) to remotely disclose Internet Explorer's memory when a victim visits a specially crafted web page or (less trivially) to achieve remote code execution when a victim visits a specially crafted web page. ##### #PoC# ##### Due to the spread and the impact of the vulnerability, exploiting details will be released at a later date, once everyone has had plenty of time to patch. ############ #References# ############ http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://www.zerodayinitiative.com/advisories/ZDI-08-069/ http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475
