[Full-disclosure] IE8 crashes with simple HTML
Thierry Zoller
Thierry at Zoller.lu
Wed Aug 5 11:00:41 BST 2009

Could reproduce, unhandled second chance read access violation in
mshtml!Ptls5::FsUpdateBottomlessPel+0x41d (FPO: [7,45,4])
Faulting Instruction:40af4234 cmp ecx,dword ptr [eax+18h]
Basic Block:
40af4234 cmp ecx,dword ptr [eax+18h]
Tainted Input Operands: eax, ecx
40af4237 jne mshtml!ptls5::fsupdatebottomlesspel+0x47c (40af6cf7)
Tainted Input Operands: ZeroFlag
--
http://blog.zoller.lu
Thierry Zoller
Full-Disclosure is hosted and sponsored by Secunia.