MSIE can be made to crash with a NULL pointer read access violation (AV) by executing a very small piece of JavaScript. This affects MSIE 6.0, 7.0 and 8.0 beta2. It should be fixed in 8.0 rc1.
The following HTML triggers the issue:
<BODY onload=screen[""]>
I am amazed that a bug that is so simple to trigger has apparently gone unnoticed for years.


2 Comments to “MSIE screen[""] NULL ptr DoS details”
2009/01/07
That’s awesome!
Kudos!
2009/01/09
Good work. I publish this issue on our web site.
- Alfredo